Security News > 2022 > October > CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency has issued a new Binding Operational Directive that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now.

To that end, Federal Civilian Executive Branch enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "Greater visibility into risks facing federal civilian networks."

"Doing so will ensure asset management and vulnerability detection practices that will strengthen their organization's cyber resilience," CISA said, adding it will help close gaps in the attack surface.

The goal of BOD 23-01, it said, is to maintain an up-to-date inventory of networked assets, identify software vulnerabilities, track an agency's asset coverage and vulnerability signatures, and share that information to CISA on defined intervals.

"Threat actors continue to target our nation's critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets," CISA Director Jen Easterly said in a statement.

While the directive is a mandate for federal civilian agencies, CISA is also urging all businesses, including private entities and state governments, to review and implement rigorous asset and vulnerability management programs.

News URL

https://thehackernews.com/2022/10/cisa-orders-federal-agencies-to.html