FHFA’s Chief Information Officer should prioritize existing Office of Technology and Information Management resources based on the Plan of Action and Milestones to ensure that Cybersecurity and Infrastructure Security Agency Known Exploitable Vulnerabilities are remediated in accordance with Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive 22-01 and FHFA’s Office of Technology and Information Management Vulnerability Management Process, Revision 2.7 (September 7, 2022).