Original release date: June 29, 2021
In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.
While extensive guidance on cybersecurity “best practices” exists, additional perspective is needed. Ending the most egregious risks requires organizations to make a concerted effort to stop bad practices.
CISA encourages cybersecurity leaders and professionals to review EAD Goldstein’s blog post and the new Bad Practices webpage and to monitor the webpage for updates. CISA also encourages all organizations to engage in the necessary actions and critical conversations to address bad practices.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA released five Industrial Control Systems (ICS) advisories on July 29, 2025. These advisories provide…
CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian…
CISA released two Industrial Control Systems (ICS) advisories on July 31, 2025. These advisories provide…
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a…
CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed…
Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and…
This website uses cookies.