CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

Category: Wordpress News
Original source: thehackernews.com
Read time: < 2 minutes
Sentiment bias: Positive
Sentiment Score: 0.71333
Published: Oct 6th, 2022
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

Quick Read

To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "greater visibility into risks facing federal civilian networks.
" While the directive is a mandate for federal civilian agencies, CISA is also urging all businesses, including private entities and state governments, to review and implement rigorous asset and vulnerability management programs.
" This involves carrying out automated asset discovery every seven days and initiating vulnerability enumeration across those discovered assets every 14 days by April 3, 2023, in addition to having the capabilities to do so on an on-demand basis within 72 hours of receiving a request from CISA.
Similar baseline vulnerability enumeration obligations have also been put in place for Android and iOS devices as well as other devices that reside outside of agency on-premises networks.
"Doing so will ensure asset management and vulnerability detection practices that will strengthen their organization's cyber resilience," CISA said, adding it will help close gaps in the attack surface.
The goal of BOD 23-01, it said, is to maintain an up-to-date inventory of networked assets, identify software vulnerabilities, track an agency's asset coverage and vulnerability signatures, and share that information to CISA on defined intervals.
"Threat actors continue to target our nation's critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets," CISA Director Jen Easterly said in a statement.

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "greater visibility into risks facing federal civilian networks." This involves carrying out automated asset discovery every seven days and initiating vulnerability enumeration across those discovered assets every 14 days by April 3, 2023, in addition to having the capabilities to do so on an on-demand basis within 72 hours of receiving a request from CISA. Similar baseline vulnerability enumeration obligations have also been put in place for Android and iOS devices as well as other devices that reside outside of agency on-premises networks. "Doing so will ensure asset management and vulnerability detection practices that will strengthen their organization's cyber resilience," CISA said, adding it will help close gaps in the attack surface. The goal of BOD 23-01, it said, is to maintain an up-to-date inventory of networked assets, identify software vulnerabilities, track an agency's asset coverage and vulnerability signatures, and share that information to CISA on defined intervals. "Threat actors continue to target our nation's critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets," CISA Director Jen Easterly said in a statement. "Knowing what's on your network is the first step for any organization to reduce risk." While the directive is a mandate for federal civilian agencies, CISA is also urging all businesses, including private entities and state governments, to review and implement rigorous asset and vulnerability management programs.
The Original Article can be found on thehackernews.com

Recent Wordpress News Articles

BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial frau …

Read more here
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million
Five Steps to Mitigate the Risk of Credential Exposure

Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for ac …

Read more here
Five Steps to Mitigate the Risk of Credential Exposure
Back to Basics: Cybersecurity's Weakest Link

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity nee …

Read more here
Back to Basics: Cybersecurity's Weakest Link
Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy …

Read more here
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
Latest News
Help & How To's
Around the Web