FHFA’s Chief Information Officer should identify and secure the resources necessary to remediate identified internal critical, high, and medium exploitable vulnerabilities on the FHFA servers, workstations, and other devices in compliance with Cybersecurity and Infrastructure Security Agency Binding Operational Directive 22-01 and FHFA’s Office of Technology and Information Management Vulnerability Management Process, Revision 2.7 (September 7, 2022).