CISA issues binding operational directive requiring agencies to secure internet-facing networked device systems

The Cybersecurity and Infrastructure Security Agency is giving agencies 14 days to secure internet-facing network management systems under a new binding operational directive issued in response to recent security compromises.

“As agencies and organizations have gained better visibility of their networks and improved endpoint detection and response, threat actors have adjusted tactics to evade these protections by targeting network devices supporting the underlying network infrastructure. Recent threat campaigns underscore the grave risk to the federal enterprise posed by improperly configured...