The Cybersecurity and Infrastructure Security Agency recently issued a directive that will direct federal civilian agencies to better account for the content of their networks.
According to an Oct. 3 news release, Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, will establish baseline requirements for all Federal Civilian Executive Branch agencies to identify assets and vulnerabilities on their networks and provide data to CISA on a scheduled basis.
“Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses within unknown, unprotected or under-protected assets,” CISA Director Jen Easterly said in the release. “Knowing what’s on your network is the first step for any organization to reduce risk. While this directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks. We all have a role to play in building a more cyber resilient nation.”
The release states implementation of this directive will significantly increase visibility into assets and vulnerabilities across the federal government, improving CISA's and each agency's response to cybersecurity incidents.
CISA has been working the past several years to achieve greater visibility into security risks facing federal civilian networks, according to the release. The need was emphasized by the intrusion campaign targeting SolarWinds devices.
