DIRECTION  HOME  OT  CISA  EMERGENCY  BINDING 

OT

Secure connectivity principles for Operational Technology (OT)

U.S. Cybersecurity and Infrastructure Security Agency (CISA)

ED 19-01: Mitigate DNS Infrastructure Tampering

ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday

ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday

ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday

ED 21-01: Mitigate SolarWinds Orion Code Compromise

ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities

ED 21-04: Mitigate Windows Print Spooler Service Vulnerability

ED 22-03: Mitigate VMware Vulnerabilities

ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems

Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems

Emergency Directives

ED 19-01: Mitigate DNS Infrastructure Tampering (Closed)

ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday (Closed)

ED 20-03: Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 Patch Tuesday (Closed)

ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday (Closed)

ED 21-01: Mitigate SolarWinds Orion Code Compromise (Closed)

ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities (Closed)

ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities (Closed)

ED 21-04: Mitigate Windows Print Spooler Service Vulnerability (Closed)

ED 22-03: Mitigate VMware Vulnerabilities (Closed)

ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System (Closed)

ED 26-01: Mitigate Vulnerabilities in F5 Devices

ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices

Supplemental Direction ED 25-03: Core Dump and Hunt Instructions

ED 25-02: Mitigate Microsoft Exchange Vulnerability

Supplemental Direction V2: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

ED 22-02: Mitigate Apache Log4j Vulnerability (Closed)

Binding Operational Directives

BOD 25-01: Implementation Guidance for Implementing Secure Practices for Cloud Services

BOD 25-01: Implementing Secure Practices for Cloud Services

BOD 23-02: Implementation Guidance for Mitigating the Risk from Internet-Exposed Management Interfaces

BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

BOD 23-01: Implementation Guidance for Improving Asset Visibility and Vulnerability Detection on Federal Networks

BOD 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities

BOD 20-01: Develop and Publish a Vulnerability Disclosure Policy

BOD 19-02: Vulnerability Remediation Requirements for Internet-Accessible Systems

BOD 18-02: Securing High Value Assets

BOD 18-01: Enhance Email and Web Security

BOD 17-01: Removal of Kaspersky-branded Products

BOD 16-03: 2016 Agency Cybersecurity Reporting Requirements

BOD 16-02: Threat to Network Infrastructure Devices

BOD 16-01: Securing High Value Assets (Revoked)

BOD 15-01: Critical Vulnerability Mitigation Requirement for Federal Civilian Executive Branch Departments and Agencies’ Internet-Accessible Systems (Revoked)

Homeland Security Presidential Directive 7