U.S. Cybersecurity Agency Calls for Enhanced Asset Visibility, Vulnerability Detection

The Cybersecurity and Infrastructure Security Agency (CISA) issued on Oct. 3 issued a directive requiring federal civilian agencies to enhance accountability for what resides on their networks.

CISA is dedicated to employing its cybersecurity agencies to achieve better visibility and make appropriate risk reduction among federal civilian agencies. Enactment of the directive — Binding Operational Directive 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks – will considerably boost visibility into assets and vulnerabilities throughout the federal government. This will boost the capability of CISA as well as each of the agencies to identify, inhibit, and respond to cybersecurity occurrences and improve understanding and knowledge of trends in cybersecurity risk.

Over the last few years, the agency has been at work rigorously to achieve better visibility into the risk in front of federal civilian networks. The Biden administration and Congress have endorsed significant progress by supporting authorities and resources.

The directive goes on further to establish baseline requirements for all Federal Civilian Executive Branch, or FCEB, agencies to detect assets and susceptibilities on their networks and offer data to CISA on well-defined periods.

Moreover, the purpose of the directive is to accelerate significant development toward enhancing visibility into agency assets and associated vulnerabilities. While the requirements in this directive are not sufficient for comprehensive, modern cyber defense operations, they are an important step to address current visibility challenges at the component, agency, and FCEB enterprise level.

As it stands, the directive is an instruction for federal civilian agencies, however this does not apply to other institutions. CISA advises that private businesses and governments review the directive and focus on execution of thorough asset and vulnerability management programs.

In recognition of the cybersecurity awareness month, during the course of October, CISA, in alliance with the National Cybersecurity Alliance, will concentrate on what it means to “See Yourself in Cyber” by emphasising the steps that all Americans can take to raise the baseline for cybersecurity throughout the U.S. CISA will be involved with groups across the U.S. to encourage cyber hygiene, by promoting effective behaviours to keep people safe online.