• CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the successful retirement of ten Emergency Directives issued between 2019-2024. • Marking a significant milestone in federal cybersecurity, this is the highest number of Emergency Directives retired by the agency at one time. • These directives achieved their mission to mitigate urgent and imminent risks to Federal Civilian Executive Branch (FCEB) agencies. • Since their issuance, CISA has partnered closely with federal agencies to drive remediation, embed best practices and overcome systemic challenges - establishing a stronger, more resilient digital infrastructure for a more secure America. • By statute, CISA issues Emergency Directives to rapidly mitigate emerging threats and to minimize the impact by limiting directives to the shortest time possible. • Following a comprehensive review of all active directives, CISA determined that required actions have been successfully implemented or are now encompassed throughBinding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities.
Article Summaries:
- CISA announced the retirement of ten Emergency Directives (EDs) issued between 2019‑2024, the largest single‑time retirement in the agency’s history. The directives, which addressed vulnerabilities in DNS, Windows, SolarWinds, Microsoft Exchange, Pulse Connect Secure, VMware, and other critical systems, were deemed fully implemented or now covered by Binding Operational Directive 22‑01 and the Known Exploited Vulnerabilities catalog. Acting Director Madhu Gottumukkala said the closures demonstrate CISA’s success in mitigating urgent risks and strengthening federal cyber resilience. The agency will continue issuing directives as needed while advancing Secure‑by‑Design principles for federal agencies.
Sources: