CISA orders 3-day patch deadline for federal agencies

CISA issued a binding operational directive requiring federal civilian agencies to patch certain cyber vulnerabilities within 72 hours. The rule applies to exploited, automatable vulnerabilities facing the internet that give attackers some system control. Agencies have 180 days to adopt the timeline. CISA urged state and critical infrastructure entities to follow suit.