--- title: "CISA BOD 22-01 (CISA KEV)" slug: "cisa-bod-22-01" updated: 2025-10-22T16:13:59Z published: 2025-10-22T16:13:59Z canonical: "help.nucleussec.com/cisa-bod-22-01" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt > Use this file to discover all available pages before exploring further. # CISA BOD 22-01 (CISA KEV) ## Overview > [!NOTE] > Note the rename > > The CISA BOD 22-01 was relaunched as the CISA KEV (Known Exploited Vulnerabilities) list in 2022. You will see references to both CISA BOD & CISA KEV in Nucleus documentation and platform depending on if you are a federal customer or commercial client. On November 3, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), a branch of the U.S. Department of Homeland Security (DHS), released [Binding Operational Directive (BOD) 22-01](https://cyber.dhs.gov/bod/22-01/). Cybersecurity directives from CISA are infrequent, the last being issued on September 2, 2020, and they tend to be at a rather high level. BOD 22-01 is different, because it instructs agencies to remediate a specific list of vulnerabilities, and it attaches strict deadlines. Importantly, this directive is a requirement, and not simply guidance or a recommended best practice. The target for this BOD is government organizations. However, it is not at all uncommon for private industry to adopt government standards once they become aware of them. Organizations with significant government contracts in their book of business would do well to comply and be able to prove compliance upon demand. Fortunately, Nucleus simplifies compliance with CISA BOD 22-01. ## Where to find and how to use CISA BOD 22-01 results can be found, associated with specific CVEs, on the Vulnerability Intelligence tab of the detail view on any vulnerability or compliance finding. ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/vuln-details-cisa-bod(1).png) You can also filter vulnerabilities for analysis and reporting based on CISA BOD 22-01 results using the Filter button and query builder on the **Vulnerabilities > Active** view. ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/query-builder-cisa-bod.gif) Additionally, CISA BOD 22-01 can be used as criteria for triggering automation rules that create downstream events like [Finding Processing](/v1/docs/finding-processing-rules) and [Notifications](/v1/docs/notification-rules). ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/automation-finding-processing-cisa-bod.gif) > [!NOTE] > **NOTE:** When evaluating **CISA Known Exploited Vulnerabilities (KEV)** status across Findings, Nucleus currently only checks the **primary CVE** in each finding’s vulnerability intelligence record. If a finding contains multiple CVEs, only the first (primary) CVE determines whether the finding is marked as KEV-true.