DIRECTION

U.S. Cybersecurity and Infrastructure Security Agency (CISA)

• ED 19-01: Mitigate DNS Infrastructure Tampering

• ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday

• ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday 

• ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday

• ED 21-01: Mitigate SolarWinds Orion Code Compromise

• ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

• ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities 

• ED 21-04: Mitigate Windows Print Spooler Service Vulnerability 

• ED 22-03: Mitigate VMware Vulnerabilities

• ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System 

Emergency Directives

• ED 19-01: Mitigate DNS Infrastructure Tampering (Closed)

• ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday (Closed)

• ED 20-03: Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 Patch Tuesday (Closed)

• ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday (Closed)

• ED 21-01: Mitigate SolarWinds Orion Code Compromise (Closed)

• ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities (Closed)

• ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities (Closed)

• ED 21-04: Mitigate Windows Print Spooler Service Vulnerability (Closed)

• ED 22-03: Mitigate VMware Vulnerabilities (Closed)

• ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System (Closed)

• ED 26-01: Mitigate Vulnerabilities in F5 Devices

• ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices

• Supplemental Direction ED 25-03: Core Dump and Hunt Instructions

• ED 25-02: Mitigate Microsoft Exchange Vulnerability

• Supplemental Direction V2: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

• Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

• ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

• ED 22-02: Mitigate Apache Log4j Vulnerability (Closed)

Binding Operational Directives

• BOD 25-01: Implementation Guidance for Implementing Secure Practices for Cloud Services

• BOD 25-01: Implementing Secure Practices for Cloud Services

• BOD 23-02: Implementation Guidance for Mitigating the Risk from Internet-Exposed Management Interfaces

• BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

• BOD 23-01: Implementation Guidance for Improving Asset Visibility and Vulnerability Detection on Federal Networks

• BOD 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

• BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities

• BOD 20-01: Develop and Publish a Vulnerability Disclosure Policy

• BOD 19-02: Vulnerability Remediation Requirements for Internet-Accessible Systems

• BOD 18-02: Securing High Value Assets

• BOD 18-01: Enhance Email and Web Security

• BOD 17-01: Removal of Kaspersky-branded Products

• BOD 16-03: 2016 Agency Cybersecurity Reporting Requirements

• BOD 16-02: Threat to Network Infrastructure Devices

• BOD 16-01: Securing High Value Assets (Revoked)

• BOD 15-01: Critical Vulnerability Mitigation Requirement for Federal Civilian Executive Branch Departments and Agencies’ Internet-Accessible Systems (Revoked)

• Homeland Security Presidential Directive 7