CISA Issues Directive for Federal Agencies to Secure Internet-Exposed Management Interfaces

June 13, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 23-02, titled 'Mitigating the Risk from Internet-Exposed Management Interfaces.' This directive mandates federal civilian agencies to either remove specific networked management interfaces from the public-facing internet or implement Zero Trust Architecture capabilities that enforce access control to the interface within 14 days of discovery. The recent threat campaigns have highlighted the severe risk posed to the federal enterprise due to improperly configured network devices. This directive is part of CISA and the broader U.S. government's effort to move the federal civilian enterprise into a more defensible posture, thereby reducing the attack surface of federal government networks.

CISA Director Jen Easterly stated, “Too often, threat actors are able to use network devices to gain unrestricted access to organizational networks, in turn leading to full-scale compromise.” She added, “Requiring appropriate controls and mitigations outlined in this Directive is an important step in reducing risk to the federal civilian enterprise. While this Directive only applies to federal civilian agencies, as the threat extends to every sector, we urge all organizations to adopt this guidance. When it comes to reducing cyber risk and ensuring resilience, we all have a role to play.”

As federal civilian agencies carry out this mandate, CISA will monitor and support agency adherence, providing additional resources as needed. CISA is dedicated to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies. The new directive can be found at Binding Operational Directive (BOD) 23-02.

The Cybersecurity and Infrastructure Security Agency, as the nation’s cyber defense agency and national coordinator for critical infrastructure security, leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure that Americans rely on daily. For more information, visit CISA.gov and follow CISA on Twitter, Facebook, LinkedIn, and Instagram.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.