Categories: US-Cert-Repository

CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise



Original release date: January 6, 2021

CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.

  • Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of running SolarWinds Orion in their enterprises should rebuild or upgrade, in compliance with hardening steps outlined in the Supplemental Guidance, to at least SolarWinds Orion Platform version 2020.2.1 HF2. The National Security Agency (NSA) examined this version and verified it eliminates the previously identified malicious code. This version also includes updates to fix un-related vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed.
  • Federal agencies with evidence of follow-on threat actor activity on their networks should keep their affected versions disconnected, conduct forensic analysis, and consult with CISA before rebuilding or reimaging affected platforms and host operating systems.

The updated supplemental guidance also includes forensic analysis and reporting requirements.

CISA has also updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17, 2020. This update includes new information on initial access vectors, updated mitigation recommendations, and new indicators of compromise (IOCs).

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review CISA Emergency Directive 21-01 – Supplemental Guidance v.3 for recommendations on operating the SolarWinds Orion Platform. Review the following resources for additional information on the SolarWinds Orion compromise.

  • CISA Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise
  • CISA Activity Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
  • CISA webpage on the SolarWinds Orion Supply Chain Compromise

This product is provided subject to this Notification and this Privacy & Use policy.



Source link

admin

Leave a Comment
Share
Published by
admin
5 years ago

Recent Posts

CISA Releases 10 Industrial Control Systems Advisories

CISA released 10 Industrial Control Systems (ICS) advisories. These advisories provide timely information about current…

12 hours ago

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

1 day ago

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on October 14, 2025. These advisories provide…

3 days ago

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal…

4 days ago

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025. These advisories provide…

5 days ago

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

7 days ago

This website uses cookies.