US Cybersecurity and Infrastructure Security Agency releases methodology to prioritise vulnerabilities risks
CISA, the US Cybersecurity and Infrastructure Security Agency, has published its guide on Stakeholder-Specific Vulnerability Categorization. The guide represents a vulnerability management methodology that assesses vulnerabilities and prioritises remediation efforts.
CISA, the US Cybersecurity and Infrastructure Security Agency, has published its guide on Stakeholder-Specific Vulnerability Categorization. The guide is ‘a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system’. The guide represents an important step in advancing the vulnerability management ecosystem of critical infrastructure.