
Binding Operational Directive (BOD)

A mandatory US federal security instruction issued by CISA (the government's cyber agency) that all civilian federal agencies must comply with. BODs set specific, enforceable requirements — such as patching a vulnerability within a defined number of days — and carry consequences for non-compliance.
BODs now explicitly cite AI-accelerated threat timelines as justification for dramatically shorter patch windows (e.g. three days for critical flaws under BOD 26-04). Federal contractors and regulated-industry companies should treat BODs as leading indicators of where commercial compliance expectations are heading.