Sign up to save your podcasts
Or
Share Product Talk – CISA's BOD 26-04 Directive Explained, E26
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Product Talk – CISA's BOD 26-04 Directive Explained, E26
CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the four urgency signals, the 16-row decision tree, and the shift from "justify the patch" to "justify why you can't." They also cover what it means for contractors, cyber insurance, and the future of Patch Tuesday.
If you own patching or vulnerability management, start here.
View all episodes
By Automox
5
55 ratings
CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the four urgency signals, the 16-row decision tree, and the shift from "justify the patch" to "justify why you can't." They also cover what it means for contractors, cyber insurance, and the future of Patch Tuesday.
If you own patching or vulnerability management, start here.