US Cybersecurity and Infrastructure Security Agency releases methodology to prioritise vulnerabilities risks

CISA, the US Cybersecurity and Infrastructure Security Agency, has published its guide on Stakeholder-Specific Vulnerability Categorization. The guide is ‘a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system’. The guide represents an important step in advancing the vulnerability management ecosystem of critical infrastructure.