Identify CISA KEV vulnerabilities for compliance

We added a new Known Exploited Vulnerabilities (KEV) filter to help you identify risks that the Cybersecurity and Infrastructure Security Agency (CISA) tracks as already exploited in the wild. While we already allow you to filter vulnerabilities and Common Vulnerabilities and Exposures (CVE) by their exploit maturity level, this update specifically targets the CISA KEV catalog. You can find this filter on any page where issue filters are available to help you manage your security backlog.

The CISA KEV catalog is a vital resource for meeting global security standards. For instance, FedRAMP requires strict remediation service-level agreements (SLAs) for any vulnerability listed in this catalog. Furthermore, the European Union Cyber Resilience Act (EU CRA) mandates that organizations actively monitor for vulnerabilities found in the CISA KEV catalog. We’re providing this filter to automate this visibility and help you maintain compliance across different regulatory environments.

You can now isolate vulnerabilities within the CISA KEV catalog with a single click. This helps you prioritize remediation based on documented real-world exploitation rather than just theoretical risk. By using this filter, you ensure your team addresses the specific issues that auditors and regulators prioritize, reducing the manual effort needed to cross-reference your backlog against federal and international mandates.

To learn more, visit Issue vulnerability details in our user documentation.