CISA Directs Federal Agencies to Improve Cyber Threat Monitoring, Detection
Monday, October 03, 2022 | Comments

The Cybersecurity and Infrastructure Security Agency (CISA) issued “Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks,” which directs federal civilian agencies to better account for what resides on their networks.

Over the past several years, CISA has been working to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices. The Biden-Harris Administration and Congress have supported significant progress by providing key authorities and resources. The directive takes the next step by establishing baseline requirements for all federal civilian executive branch (FCEB) agencies to identify assets and vulnerabilities on their networks and provide data to CISA on defined intervals.

“Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses within unknown, unprotected or under-protected assets,” said CISA Director Jen Easterly. “Knowing what’s on your network is the first step for any organization to reduce risk. While this directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks. We all have a role to play in building a more cyber resilient nation.”

CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies. Implementation of this directive will significantly increase visibility into assets and vulnerabilities across the federal government, in turn improving capabilities by both CISA and each agency to detect, prevent and respond to cybersecurity incidents and better understand trends in cybersecurity risk.

The directive is a mandate for federal civilian agencies. However, CISA recommends that private businesses and state, local, tribal and territorial (SLTT) governments review it and prioritize implementation of rigorous asset and vulnerability management programs.




 
 
Post a comment
Name: *
Email: *
Title: *
Comment: *
 

Comments

No Comments Submitted Yet

Be the first by using the form above to submit a comment!


Education






Events
March 2023

27 - 30
International Wireless Communications Expo (IWCE) 2023
Las Vegas
https://iwceexpo.com

More Events >

Site Navigation

Close