While CISA’s directive only applies to United States federal agencies, it is encouraged and best practice that organizations also follow this timeline to patch their vulnerabilities. In cybersecurity, a timely patching schedule is an important factor of securing an environment, as many threat actors will attempt to exploit recently released 0-days before organizations have a chance to patch them. On top of a timely patching schedule, it is also important to employ a defense-in-depth strategy. As 0-days are unknown, detections that a company has will often not detect the 0-day itself. However, with a defense-in-depth strategy, they will detect a threat actor at a different portion of the attack chain.
https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-and-ios-bugs-exploited-as-zero-days/
