Binding Operational Directive
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. The directive aims to reduce the threat of cyberattacks targeting the public sector by requiring agencies to remediate high-risk vulnerabilities within accelerated timeframes, in some cases as little as […]
CISA orders federal agencies to replace end-of-life edge devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. It also warned that end-of-life edge devices (including routers, firewalls, and network switches) leave federal systems vulnerable to newly discovered exploits and expose […]
CISA retires 10 emergency cyber orders in rare bulk closure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. CISA said this is the largest number of Emergency Directives it has closed at one time. “By statute, CISA issues […]
CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments by implementing a list of required secure configuration baselines (SCBs). While CISA has only finalized the SCBs for Microsoft 365, it plans to release additional baselines for other cloud platforms, starting with Google Workspace (anticipated to […]