"CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) requiring federal agencies across the country to keep track of assets and vulnerabilities on their networks. Federal Civilian Executive Branch (FCEB) enterprises have been tasked with asset discovery and vulnerability enumeration, both of which are regarded as critical steps toward gaining greater visibility into risks confronting federal civilian networks. This includes performing automated asset discovery every seven days and initiating vulnerability enumeration across those discovered assets every 14 days, as well as having the capability to do so on-demand within 72 hours of receiving a request from CISA. Similar baseline vulnerability enumeration obligations have been established for Android and iOS devices and other devices not located on agency premises. According to BOD 23-01, the goal is to keep an inventory of networked assets up to date, identify software vulnerabilities, track an agency's asset coverage and vulnerability signatures, and share that information with CISA at predetermined intervals. This article continues to discuss the goals and directions of BOD 23-01.

THN reports "CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities"