For the first time, the Cyber Safety Review Board (CSRB) has released a review of the December 2021 Log4j security vulnerability. The report highlights lessons learned, and makes independent, strategic, and actionable recommendations to the Secretary of Homeland Security.