CISA mandates federal civilian agencies to report software vulnerabilities

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) will require federal civilian agencies to boost efforts to detect vulnerabilities in their networks.

According to Cyberscoop, the binding operational directive – named The Improving Asset Visibility Detection on Federal Networks – is designed to boost asset visibility and vulnerability detection on federal networks.

CISA director Jen Easterly noted that federal civilian agencies will now be expected to report detailed data about vulnerabilities to CISA at timed intervals using automated tools.

She added, “We have said consistently that we are on an urgent path to gain visibility into risks facing federal civilian networks. This is a movement essentially to allow CISA, in its role as operational lead for federal cybersecurity, to manage federal cybersecurity as an enterprise.”

Easterly mentioned that the development of the directive reflects CISA’s ‘rapidly maturing role’ of helping agencies improve network visibility.

She remarked, “Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets. While this directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks.”

US federal cyber officials recently asked industry leaders to help shape the regulatory structure for cybersecurity incident reporting.

This was reported on behalf of Cybersecurity and Infrastructure Security Agency director Jen Easterly.

This framework follows the newly passed law by President Biden that requires critical infrastructure owners and operators to report major cyberattacks to CISA within 72 hours and ransomware attacks within 24 hours.

Copyright © 2022 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.