Photo of Bryan Ramirez

Bryan Ramirez

Bryan Ramirez is an associate in the firm’s San Francisco office and is a member of the Data Privacy and Cybersecurity Practice Group. He advises clients on a range of regulatory and compliance issues, including compliance with state privacy laws. Bryan also maintains an active pro bono practice.

On June 10, the Cybersecurity & Infrastructure Security Agency (CISA) released Binding Operational Directive (BOD) 26-04 on Prioritizing Security Updates Based on Risk and the accompanying Implementation Guidance. In releasing the BOD and Implementation Guidance, CISA noted that the documents are “part of CISA’s response to the current threat landscape” and the impact of AI on the volume of identified security vulnerabilities and compressed timelines for remediation as threat actors move quickly to exploit them. While the BOD and Implementation Guidance apply to agencies, CISA Acting Director Nick Anderson noted in the release of the documents that “CISA strongly encourages all partners to adopt similar actions in their vulnerability management policy.”

Continue Reading CISA Releases Binding Operational Directive on Prioritizing Security Updates Based on Risk