CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats
• WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today issued Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices.
• The directive requires Federal Civilian Executive Branch (FCEB) agencies to take specific actions to drive down technical debt and minimize the risk of compromise.
• Within a specified timeframe, FCEB agencies must strengthen asset lifecycle management for active edge devices and remove any hardware and software devices that are no longer supported by their original equipment manufacturer.
• Persistent cyber threat actors are increasingly exploiting unsupported edge devices - hardware and software that no longer receive vendor updates to firmware or other security patches.
• Positioned at the network perimeter, these devices are especially vulnerable to persistent cyber threat actors exploiting a new or known vulnerability.
• To mitigate this threat, CISA is requiring FCEB agencies to adhere to standard lifecycle management processes and mandatory actions within the required time limit in this directive.
Article Summaries:
- CISA has issued Binding Operational Directive 26‑02, mandating all Federal Civilian Executive Branch agencies to address the growing risk posed by end‑of‑support edge devices. Within a set timeframe, agencies must inventory and identify unsupported hardware and software, upgrade any devices still running out‑of‑support software to vendor‑supported versions, and remove all unsupported edge devices from their networks. The directive also requires agencies to establish continuous lifecycle‑management processes for edge devices such as routers, firewalls, IoT devices, and other network perimeter equipment. CISA will monitor compliance and provide support, urging non‑federal organizations to adopt similar measures to strengthen cyber resilience.
Sources: