CISA issues binding directive to agencies requiring tracking of network assets, software vulnerabilities

The Cybersecurity and Infrastructure Security Agency has issued a binding operational directive designed to improve visibility into federal agencies’ network assets, identify vulnerabilities in their software and share information back to CISA to conduct cumulative analysis.

“The purpose of this Binding Operational Directive is to make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities. While the requirements in this Directive are not sufficient for comprehensive, modern cyber defense operations, they are an important step to address current...