The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently published the Binding Operational Directive (BOD) 23-01 that requires U.S. federal agencies to make measurable progress toward enhancing visibility into asset discovery and vulnerability. This directive includes several requirements that may not be fully addressed by vulnerability management or endpoint detection and response (EDR/XDR) solutions. Moreover, while many private sector firms may believe BOD 23-01 is only relevant U.S. federal agencies, that might not be true for the following reasons: