CISA issued a Binding Operational Directive. BODs are “binding” only on federal executive branch agencies, but this is one case where what is good for the feds is good for you.
The directive tells agencies to keep track of assets and vulnerabilities. They have six months to comply.
Specifically, they want agencies to do AUTOMATED asset discovery every 7 days and run vulnerability scans against every one of the assets detected every 14 days.
In addition, they need to have the ability to conduct an ON DEMAND scan within 72 hours if requested by CISA.
The goal of BOD 23-01, CISA said, is to maintain an up-to-date inventory of networked assets, identify software vulnerabilities, track an agency’s asset coverage and vulnerability signatures, and share that information with CISA at defined intervals.
Can you meet these requirements? If you need help, please contact us.
Credit: The Hacker News