Today, CISA issued Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch (FCEB) agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This Directive applies to dedicated device interfaces that are accessible over network protocols and are meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself.
Agencies must be prepared to remove identified networked management interfaces from exposure to the internet, or protect them with Zero-Trust capabilities that implement a policy enforcement point separate from the interface itself. CISA will monitor and support agency adherence, providing additional resources as needed. FCEB agencies should contact CISA at cyberdirectives@cisa.dhs.gov for additional information.
While BOD 23-02 strictly applies to FCEB agencies, this threat extends to every sector. CISA recommends all stakeholders review and adopt this guidance.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of…
CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing…
CISA released three Industrial Control Systems (ICS) advisories on October 29, 2024. These advisories provide…
CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors,…
CISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide…
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional…
This website uses cookies.