Categories: US-Cert-Repository

CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces


Today, CISA issued Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch (FCEB) agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This Directive applies to dedicated device interfaces that are accessible over network protocols and are meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself. 

Agencies must be prepared to remove identified networked management interfaces from exposure to the internet, or protect them with Zero-Trust capabilities that implement a policy enforcement point separate from the interface itself. CISA will monitor and support agency adherence, providing additional resources as needed. FCEB agencies should contact CISA at cyberdirectives@cisa.dhs.gov for additional information.

While BOD 23-02 strictly applies to FCEB agencies, this threat extends to every sector. CISA recommends all stakeholders review and adopt this guidance.
 



Source link

admin

Share
Published by
admin

Recent Posts

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on June 3, 2025. These advisories provide…

21 hours ago

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide…

2 days ago

CISA Adds One Known Exploited Vulnerability to Catalog

 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

3 days ago

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security…

4 days ago

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

5 days ago

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of…

6 days ago

This website uses cookies.