CISA orders 3-day patch deadline for critical flaws

CISA issued Binding Operational Directive 26-04, requiring Federal Civilian Executive Branch agencies to remediate high-risk vulnerabilities within accelerated timeframes, including a three-day deadline for critical flaws. The directive supersedes older BOD 19-02 and BOD 22-01. Agencies must update vulnerability management policies within 60 days.