- CISA Issues Binding Operational Directive Requiring Removal of Unsupported Edge Devices
- They pose “disproportionate and unacceptable risks” that can be easily corrected.
- Every organization should focus on hardware renewal, not just government
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a new warning to federal agencies to remove edge devices that have reached or passed end of support (EOS) due to security fears.
U.S. government agencies have been given orders next year to remove affected devices and replace them with equipment still covered by vendor security updates.
The move comes amid growing cyberattacks, with malicious actors focusing on vulnerable devices that are no longer receiving security patches.
The US government must remove unsupported devices
The organization described edge devices as those that are accessible through the public Internet, such as firewalls, routers, switches, wireless access points, network security devices, and IoT edge devices.
CISA said devices past their expiration date now pose “disproportionate and unacceptable risks” to federal systems. However, despite the risk that some agencies could pose to the U.S. government, CISA has stated that this risk “can be remedied.”
“Agencies should refine their lifecycle management practices to identify hardware and software near their EOS date, plan for timely replacements, procure vendor-supported alternatives, and develop a plan to decommission EOS devices while minimizing disruption to agency operations,” reads the Binding Operational Directive (BOD 26-02).
CISA also reminded agencies of Memorandum M-22-09 (Moving the US Government Toward Zero Trust Cybersecurity Principles), which states that they should adopt measures such as multi-factor authentication (MFA), appropriate asset management, isolation of critical workloads, and data encryption to maximize security.
Although CISA does not plan to release a list of affected devices, the agency encourages all organizations (not just federal agencies) to follow the guidelines due to the increase in threats and ease of remediation.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
