CISA directive likely to drive investment costs, raise need for more staff, update technology and processes

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued earlier this week a Binding Operational Directive that mandates federal civilian executive branch (FCEB) agencies to enhance efforts to detect vulnerabilities and manage cybersecurity across their networks. The directive is expected to push up investment costs, lead to federal agencies updating technology and processes, while also driving a solid deployment plan with the additional need of staff to enact the plan. 

The directive also requires these federal civilian agencies to report detailed data about vulnerabilities to CISA at timed intervals using automated tools. It mandates that by Apr. 3, next year, all FCEB agencies must perform automated asset discovery every seven days, initiate vulnerability enumeration across all discovered assets, and automate the ingestion of the detected vulnerabilities into the CISA database. The directive also calls for developing and maintaining the operational capability to initiate on-demand asset discovery and vulnerability enumeration to identify specific assets or subsets of vulnerabilities within 72 hours and more. 

Additionally, by Apr. 3, agencies and CISA, through the CISA’s Continuous Diagnostics and Mitigation (CDM) program, will deploy an updated CDM Dashboard configuration that enables access to object-level vulnerability enumeration data for CISA analysts, as authorized in President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity issued last May. 

Forrester analysts pointed out that security teams have been flying blind when trying to enumerate vulnerabilities on unknown assets for decades. “Organizations often have multiple or outdated configuration management databases, spreadsheets, or vulnerability scans limited to known IP

Read more

Explore the site

More from the blog

Latest News