Episode Details
Back to Episodes
Product Talk – CISA's BOD 26-04 Directive Explained, E26
Episode 26
Published 1 month ago
Description
CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the four urgency signals, the 16-row decision tree, and the shift from "justify the patch" to "justify why you can't." They also cover what it means for contractors, cyber insurance, and the future of Patch Tuesday.
If you own patching or vulnerability management, start here.