The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it.