{"id":46,"date":"2024-02-26T08:00:00","date_gmt":"2024-02-26T16:00:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=46"},"modified":"2024-08-02T14:00:01","modified_gmt":"2024-08-02T21:00:01","slug":"the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/","title":{"rendered":"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01"},"content":{"rendered":"\n<p>While tech sector media coverage on cybersecurity has primarily focused in recent years on trends such as ransomware attacks, vulnerabilities in the DevOps chain, and the growing role of AI in combating threats, a quiet but significant development has been advancing under the radar on several fronts: we refer to the more assertive stance taken by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to elevate security best practices in government and the private sector.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Understanding CISA\u2019s\u00a0Binding Operational Directive (BOD) 22-01<\/h2>\n\n\n\n<p>On November 3, 2021, the CISA, a federal agency under the U.S. Department of Homeland Security, introduced the Known Exploited Vulnerabilities Catalog, a continuously updated database of exploited Common Vulnerabilities and Exposures (CVEs). Under the CISA\u2019s\u00a0<a href=\"https:\/\/www.cisa.gov\/news-events\/directives\/bod-22-01-reducing-significant-risk-known-exploited-vulnerabilities\">Binding Operational Directive (BOD) 22-01<\/a>, all Federal Civilian Executive Branch (FCEB) agencies were mandated to consult the database to identify and remediate listed vulnerabilities within a certain timeframe. While mandatory only for FCEB agencies, organizations in the private sector were also strongly encouraged to download the catalog and use it to compare against their own internal security measures as a means of reducing risk. With 287 entries when first released, the catalog has been updated continuously at a cadence based on threat activity, often multiple times per month. As of late 2023, the catalog stood at well over 1,000 entries and growing.<\/p>\n\n\n\n<p>But the CISA didn\u2019t stop there. In October 2022, the CISA published\u00a0<a href=\"https:\/\/www.cisa.gov\/news-events\/directives\/bod-23-01-improving-asset-visibility-and-vulnerability-detection-federal-networks\">BOD 23-01<\/a>, a directive aimed at advancing measurable progress toward enhancing visibility into agency assets and associated vulnerabilities. Again, while aimed primarily at addressing visibility challenges at the component, agency, and FCEB enterprise level, BOD 23-01 has implications for strengthening the security posture of organizations across any number of private sector verticals. The directive focuses on two core activities essential to improving operational visibility for a successful cybersecurity program: asset discovery and vulnerability enumeration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Asset Discovery and Vulnerability Enumeration<\/h2>\n\n\n\n<p><strong>Asset Discovery<\/strong>&nbsp;is a building block of operational visibility, and it is defined as an activity through which an organization identifies what network addressable IP-assets reside on their networks and identifies the associated IP addresses (hosts). Asset discovery is non-intrusive and usually does not require special logical access privileges.<\/p>\n\n\n\n<p><strong>Vulnerability Enumeration<\/strong>&nbsp;identifies and reports suspected vulnerabilities on those assets. It detects host attributes (e.g., operating systems, applications, open ports, etc.) and attempts to identify outdated software versions, missing updates, and misconfigurations. The vulnerability enumeration process validates compliance with or deviations from security policies by identifying host attributes and matching them with information on known vulnerabilities. Understanding an asset\u2019s vulnerability posture is dependent on having appropriate privileges, which can be achieved through credentialed network-based scans or a client installed on the host endpoint.<\/p>\n\n\n\n<p>It should be pointed out that asset visibility is not an end in itself, for BOD 23-01, but is necessary for updates, configuration management, and other security and lifecycle management activities that significantly reduce cybersecurity risk. This holds true for exigent activities like vulnerability remediation as well. At its core, the goal of the directive is for agencies to comprehensively achieve the following outcomes without prescribing exactly&nbsp;<em>how<\/em>&nbsp;to do so:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintain an up-to-date inventory of networked assets as defined in the scope of the directive.<\/li>\n\n\n\n<li>Identify software vulnerabilities using privileged or client-based means where technically feasible.<\/li>\n\n\n\n<li>Track how often the agency enumerates its assets, what coverage of its assets it achieves, and how current its vulnerability signatures are.<\/li>\n\n\n\n<li>Provide asset and vulnerability information to CISA\u2019s CDM Federal Dashboard.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Capitalizing on the CISA Directives: How CyCognito Can Help Your Organization Build on Asset Discovery and Vulnerability Enumeration<\/h2>\n\n\n\n<p>For more than a year now, CyCognito has operationalized the CISA known exploited vulnerability catalog within its platform. Data from the catalog is used during assessment and prioritization phases to understand asset risk and assign urgency to issues. The CISA known exploitable vulnerability catalog is the latest of many intelligence sources used by CyCognito to develop asset risk scores, including those from NSA, MITRE, FBI and CISA. For example, MITRE ATT&amp;CK Tactics and Techniques are often displayed as part of CyCognito Exploit Intelligence to assist in communicating how adversaries may use a particular exploitable vulnerability, in this case, initial access and lateral movement. You can read more about that integration in<a href=\"https:\/\/www.cycognito.com\/blog\/cycognito-operationalizes-cisa-known-exploited-vulnerabilities-catalog\">&nbsp;this blog post<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How CyCognito Automates Asset Discovery<\/h2>\n\n\n\n<p>The CyCognito platform has been adopted by leading companies in financial services, media and publishing, consumer packaged goods, healthcare, and many other sectors precisely because it enables comprehensive asset discovery for attack surface assessment. In fact, automated, zero-input asset discovery and attribution is the foundation of CyCognito\u2019s external attack surface management system. With CyCognito, it becomes possible to discover and contextualize your entire internet-exposed attack surface in line with the BOD 23-01 directive.<\/p>\n\n\n\n<p>The first thing CyCognito does is use machine learning and natural language processing to automatically map your organization\u2014including all subsidiaries and their assets. In this way, it becomes possible to understand your attack surface from the perspective of a malicious attacker. CyCognito uses that context and evidence to chart your attack surface and understand the attacker\u2019s path of least resistance. By mapping out a discovery path, the CyCognito platform shows the hierarchy of the discovered organizations along with attribution context for you to understand what ties them together. Evidence of each relationship is provided via links, making it easy to understand and document each asset, with pages showing what each asset does and how it could give attackers a foothold into the organization.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enumerating Vulnerabilities to Defend Against&nbsp;Threats<\/h2>\n\n\n\n<p>The CyCognito platform also addresses today\u2019s vulnerability management requirements in line with the BOD 23-01 directive. Built on the foundation of full discovery of your entire extended IT ecosystem, the CyCognito platform helps you to proactively defend against threats from even the most sophisticated attackers. It operates continuously and autonomously using advanced reconnaissance techniques to identify attackers\u2019 paths of least resistance into your environment so that you can efficiently eliminate them. Once it identifies potential attack vectors, it prioritizes risks and delivers both actionable remediation guidance and ongoing validation of fixes. The result is a platform that delivers risk-based vulnerability management for your entire attacker-exposed IT ecosystem, closing what is a significant gap in existing attack surface management and vulnerability management processes.<\/p>\n\n\n\n<p>The CyCognito platform uniquely delivers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The essential foundation of vulnerability management: full discovery of your extended IT ecosystem, including assets that are part of your IT ecosystem but are unknown or unmanaged by you.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"770\" height=\"329\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png\" alt=\"\" class=\"wp-image-184\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png 770w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31-512x219.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31-768x328.png 768w\" sizes=\"auto, (max-width: 770px) 100vw, 770px\" \/><figcaption class=\"wp-element-caption\">&nbsp;Figure 1. Visibility into the entire attack surface, including unknown assets.<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detection and testing of attack vectors across your entire attacker-exposed IT ecosystem, going well beyond CVEs to include data exposures, misconfigurations, and even software zero-day vulnerabilities.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"406\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-32.png\" alt=\"\" class=\"wp-image-185\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-32.png 768w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-32-512x271.png 512w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><figcaption class=\"wp-element-caption\">&nbsp;Figure 2. Active assessment to identify risks far beyond common vulnerabilities and exposures (CVEs)<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prioritization of the attack vectors in your IT ecosystem based on what could impact your organization most from a cybersecurity risk perspective.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"536\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-33.png\" alt=\"\" class=\"wp-image-186\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-33.png 832w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-33-512x330.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-33-768x495.png 768w\" sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Actionable remediation guidance and reporting to accelerate your remediation and validation.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"782\" height=\"322\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-34.png\" alt=\"\" class=\"wp-image-187\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-34.png 782w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-34-512x211.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-34-768x316.png 768w\" sizes=\"auto, (max-width: 782px) 100vw, 782px\" \/><\/figure>\n\n\n\n<p>By taking an attacker-oriented approach to vulnerability management, security teams using the CyCognito platform can automatically discover and understand the business context for every asset within the organization. With vulnerabilities prioritized in this way, teams can mitigate threats and concentrate remediation actions where they\u2019re most needed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA&#8217;s proactive approach to cybersecurity is highlighted, focusing on two directives: BOD 22-01, which mandates agencies to consult the &#8220;Known Exploited Vulnerabilities Catalog,&#8221; and BOD 23-01, aimed at improving agency asset visibility and vulnerability detection. These directives emphasize asset discovery and vulnerability enumeration as crucial activities for risk reduction. CyCognito&#8217;s platform aligns with these directives by automating discovery, contextualizing assets, and prioritizing vulnerabilities based on attacker perspective, enabling organizations to efficiently close gaps in their attack surface management.<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[6,7,8,9,10],"class_list":["post-46","post","type-post","status-publish","format-standard","hentry","category-perspectives","tag-attack-surface-management","tag-bod-23-01","tag-cisa","tag-cybersecurity","tag-risk-reduction"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01 | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01 | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"CISA&#039;s proactive approach to cybersecurity is highlighted, focusing on two directives: BOD 22-01, which mandates agencies to consult the &quot;Known Exploited Vulnerabilities Catalog,&quot; and BOD 23-01, aimed at improving agency asset visibility and vulnerability detection. These directives emphasize asset discovery and vulnerability enumeration as crucial activities for risk reduction. CyCognito&#039;s platform aligns with these directives by automating discovery, contextualizing assets, and prioritizing vulnerabilities based on attacker perspective, enabling organizations to efficiently close gaps in their attack surface management.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-26T16:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-02T21:00:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png\" \/>\n<meta name=\"author\" content=\"Carrie Oakes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carrie Oakes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/\"},\"author\":{\"name\":\"Carrie Oakes\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/4e1958871173f80a6e5bcc8493aa9309\"},\"headline\":\"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01\",\"datePublished\":\"2024-02-26T16:00:00+00:00\",\"dateModified\":\"2024-08-02T21:00:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/\"},\"wordCount\":1225,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png\",\"keywords\":[\"Attack Surface Management\",\"BOD 23-01\",\"CISA\",\"Cybersecurity\",\"Risk Reduction\"],\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/\",\"name\":\"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01 | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png\",\"datePublished\":\"2024-02-26T16:00:00+00:00\",\"dateModified\":\"2024-08-02T21:00:01+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png\",\"width\":770,\"height\":329},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/4e1958871173f80a6e5bcc8493aa9309\",\"name\":\"Carrie Oakes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d885faceec62172536b9c9d3c4d7f156?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d885faceec62172536b9c9d3c4d7f156?s=96&d=mm&r=g\",\"caption\":\"Carrie Oakes\"},\"description\":\"Was Sr. Director of Product Marketing\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/carrie-oakes\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01 | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/","og_locale":"en_US","og_type":"article","og_title":"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01 | CyCognito Blog","og_description":"CISA's proactive approach to cybersecurity is highlighted, focusing on two directives: BOD 22-01, which mandates agencies to consult the \"Known Exploited Vulnerabilities Catalog,\" and BOD 23-01, aimed at improving agency asset visibility and vulnerability detection. These directives emphasize asset discovery and vulnerability enumeration as crucial activities for risk reduction. CyCognito's platform aligns with these directives by automating discovery, contextualizing assets, and prioritizing vulnerabilities based on attacker perspective, enabling organizations to efficiently close gaps in their attack surface management.","og_url":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/","og_site_name":"CyCognito Blog","article_published_time":"2024-02-26T16:00:00+00:00","article_modified_time":"2024-08-02T21:00:01+00:00","og_image":[{"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png","type":"","width":"","height":""}],"author":"Carrie Oakes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Carrie Oakes","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/"},"author":{"name":"Carrie Oakes","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/4e1958871173f80a6e5bcc8493aa9309"},"headline":"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01","datePublished":"2024-02-26T16:00:00+00:00","dateModified":"2024-08-02T21:00:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/"},"wordCount":1225,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png","keywords":["Attack Surface Management","BOD 23-01","CISA","Cybersecurity","Risk Reduction"],"articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/","url":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/","name":"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01 | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png","datePublished":"2024-02-26T16:00:00+00:00","dateModified":"2024-08-02T21:00:01+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/image-31.png","width":770,"height":329},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/the-cisa-points-way-forward-for-more-effective-vulnerability-management-with-directive-23-01\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"The CISA Points Way Forward for More Effective Vulnerability Management with Directive 23-01"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/4e1958871173f80a6e5bcc8493aa9309","name":"Carrie Oakes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d885faceec62172536b9c9d3c4d7f156?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d885faceec62172536b9c9d3c4d7f156?s=96&d=mm&r=g","caption":"Carrie Oakes"},"description":"Was Sr. Director of Product Marketing","url":"https:\/\/www.cycognito.com\/blog\/author\/carrie-oakes\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/46","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=46"}],"version-history":[{"count":3,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/46\/revisions"}],"predecessor-version":[{"id":976,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/46\/revisions\/976"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}