Unofficial local KEV worksheet
CISA KEV / BOD 22-01 Deadline Planner
Paste CVEs, scanner CSV, or vuln-management notes. The tool extracts CVE IDs, matches the bundled CISA Known Exploited Vulnerabilities catalog, prioritizes overdue and due-soon entries, and exports a BOD 22-01 remediation due-date queue.
Queue Summary
Matched catalog entries
Prioritized KEV Queue
| CVE | Vendor / Product | Due Date | Status | Ransomware | Required Action |
|---|
Use Cases
- Turn a scanner export into a KEV remediation queue.
- Find overdue CISA KEV and BOD 22-01 due dates before a weekly security review.
- Flag known-ransomware-use KEVs for a vulnerability management meeting.
- Copy a compact Markdown queue into a ticket, memo, or change-control note.
BOD 22-01 Planning
- Use the KEV due date as a planning target, then verify whether BOD 22-01 applies to the system and asset owner.
- Copy the Markdown memo into a ticket with catalog date, due date, known-ransomware-use flag, and required action text.
- Export ICS holds for due-soon entries so the remediation owner has calendar pressure before the cutoff.
Sources
- CISA Known Exploited Vulnerabilities Catalog
- CISA KEV JSON feed
- CISA BOD 22-01 directive
- CISA kev-data mirror
- Project notes and no-tracking details
- h4cker threat-intelligence tools listing
- Tiny Tool Town listing
- Awesome Compliance listing
- No-Login Tools pending-review listing
- No-Login Tools pending-verification badge
Boundaries
This is an unofficial informational worksheet. It is not CISA affiliation, legal advice, security advice, remediation advice, BOD 22-01 compliance advice, a scanner, a vulnerability validation service, or a guarantee that a finding applies to your environment.
CVEs that are not in the bundled CISA KEV snapshot are shown as not found instead of looked up from general vulnerability databases.
Data snapshot: loading. Verify current status against CISA and vendor instructions before acting.