Beginning in 2019, the Cybersecurity and Infrastructure Security Agency (CISA) began releasing their Risk and Vulnerability Assessment report. This report compiled several months of testing, audits and remediation efforts carried out on behalf of federal entities. Their assessments of these stakeholders helped them identify common attack vectors, the effectiveness of these attack vectors and how IT systems were responding to these attacks.
Recently, CISA released their report for FY 2020. While some of the information in the report is insightful and informative, much of it is also becoming unfortunate common knowledge.