Using Attack Surface Management to Address Binding Operational Directive (BOD) M-22-09 and 23-01
On January 26, 2022, the Office of Management and Budget (OMB) published Binding Operational Directive (BOD) M-22-09 titled “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.” The M-22-09 directive also has further clarification provided by CISA in the BOD 23-01 for all federal civilian agencies issued on October 3, 2022.