- CISA has issued a binding operational directive requiring the removal of unsupported edge devices
- They pose “disproportionate and unacceptable risks” which can be easily remedied
- Every organization should focus on renewing hardware, not just the government
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a new warning to federal agencies to remove edge devices that have reached or passed the end of support (EOS) due to security concerns.
US government agencies have been given the next year to remove affected devices and replace them with equipment still covered by the vendor’s security updates.
The push comes against a backdrop of increasing cyber attacks, where threat actors are targeting vulnerable devices that are no longer receiving security patches.
The US government has requested the removal of unsupported devices
The body described edge devices as those accessible through the public Internet, such as firewalls, routers, switches, wireless access points, network security appliances and IoT edge devices.
CISA said devices past their sell-by date now pose “disproportionate and unacceptable risks” to federal systems. Despite the risk some agencies may face with the US government, CISA said it is one that “can be remedied.”
“Agencies should mature their lifecycle management practices to identify hardware and software approaching their EOS dates, plan for timely replacements, procure vendor-supported alternatives, and develop a plan for decommissioning EOS devices while minimizing disruption to agency operations,” reads the binding operational directive (BOD 26-02).
CISA also reminded agencies of Memorandum M-22-09 (Moving the US Government Toward Zero Trust Cybersecurity Principles), whereby they should adopt measures such as multi-factor authentication (MFA), proper asset management, critical workload isolation and data encryption to maximize security.
Although CISA does not plan to publish a list of affected entities, the agency encourages all organizations (not just federal agencies) to follow the guidance due to increasing threats and ease of remediation.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
