GRC Viewpoint

New CISA Directive for US Federal Agencies to Tackle Security Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new directive for US federal agencies. The directive aims to establish a plan for rectifying hundreds of existing and exploited security vulnerabilities.

The agencies have about 60 days to analyse and upgrade vulnerability management procedures, says CISA.

This directive is mandatory across the entire federal executive branch, including its sections and agencies.

Where a patch was released last year or earlier and the associated vulnerability is being exploited, agencies have a deadline of about six months to finish patching.

The CISA directive focuses on keeping critical systems that are vulnerable to hacking updated. In other words, dealing with hacks one after another is tedious and less advisable; it is always a better idea to upgrade.

The order applies to all software and hardware in federal information systems, whether managed internally or hosted by third parties.

“Every day, our adversaries are using known vulnerabilities to target federal agencies. As the operational lead for federal cybersecurity, we are using our directive authority to drive cybersecurity efforts toward mitigation of those specific vulnerabilities that we know to be actively used by malicious cyber actors. The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber-attacks,” said CISA Director Jen Easterly.

Enterprises in the private and public sectors face several challenges when trying to prioritize a limited amount of resources towards rectifying the vulnerabilities that could lead to a damaging intrusion.

The latest directive tackles this issue by driving mitigation of any vulnerabilities that may currently be exploited to attack businesses in the U.S. and federal agencies. To achieve this, existing methods are extensively used to prioritize vulnerabilities.
