The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a new directive - BOD 22-01 - requiring federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild.
https://www.inforisktoday.co.uk/cisa-directs-federal-agencies-to-patch-known-vulnerabilities-a-17845