Known Exploited Vulnerability (KEV)
Also: known exploited vulnerability, known exploited vulnerabilities, KEV, KEVs
Definition
Verbatim from FedRAMP/rules
Has the meaning given in CISA Binding Operational Directive 22-01, which is any vulnerability identified in CISA's Known Exploited Vulnerabilities catalog.
Used in 2 rule requirements
This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.
References
Change history
2026-07-04Initial reset for the Consolidated Rules for 2026 Public Preview.