CISA orders federal agencies to strengthen edge device security amid rising cyber threats
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices.
The directive requires Federal Civilian Executive Branch (FCEB) agencies to take specific actions to drive down technical debt and minimize the risk of compromise.
Within a specified timeframe, FCEB agencies must strengthen asset lifecycle management for active edge devices and remove any hardware and software devices that is no longer supported by its original equipment manufacturer.
Persistent cyber threat actors are increasingly exploiting unsupported edge devices – hardware and software that no longer receive vendor updates to firmware or other security patches. Positioned at the network perimeter, these devices are especially vulnerable to persistent cyber threat actors exploiting a new or known vulnerability.