CISA gives federal agencies one year to rip out end-of-life devices

CISA has ordered federal civilian agencies to remove end-of-life hardware and software from their networks within 12 months, after warning that unsupported edge devices are being widely exploited by sophisticated threat actors. Agencies must inventory listed devices within three months, decommission them within a year, implement continuous discovery within two years, and replace devices with ones that can receive security updates, while CISA provides assistance and monitors compliance.

Key points

  • CISA issued an operational directive requiring removal of unsupported devices from federal networks within 12 months.
  • Agencies have three months to submit inventories of listed end-of-life devices to CISA.
  • Unsupported edge devices such as load balancers, firewalls, routers, switches, wireless access points and IoT devices are increasingly targeted by persistent actors, some of them tied to nation-states.
  • CISA created a non-public EOS Edge Device List, will assist agencies with remediation, and will track compliance progress.
  • Agencies must update or replace end-of-life devices with units that receive security patches and establish continuous discovery processes within two years.

Read More: https://therecord.media/cisa-gives-federal-agencies-one-year-end-of-life-devices