Looking to finally modernize and secure federal government networks, the Cybersecurity and Infrastructure Security Agency (CISA) on Feb. 5 gave civilian agencies one year to replace all end-of-support (EoS) edge devices.Under its binding operational directive (BOD) 26-02, CISA said edge devices are attractive targets for hackers because of their extensive reach into agency networks and integrations with identity management systems.CISA also pointed out that EoS devices — which are often decades old at federal agencies — no longer receive supported updates from the original equipment manufacturer, exposing federal systems to "disproportionate and unacceptable risks."Agencies will have three months to conduct an inventory of their EoS devices and will decommission all identified appliances after a year. Within two years, agencies have to create a process for the continuous discovery of EoS devices.According to CISA, EoS refers to all hardware devices, firmware, and software versions that no longer receive timely, supported updates from the original equipment manufacturer, including patches for CVEs, security updates, software fixes, and defects.
Related reading:
Edge devices are defined as appliances that reside on the boundary of an agency’s network and are accessible from the public internet. This includes load balancers, firewalls, routers, switches, wireless access points, network security appliances, IoT edge devices, software defined networks, and other physical or virtual network devices responsible for routing network traffic and offering privileged access.
Governance, Risk and Compliance, Government security, Endpoint/Device Security, Network Security
CISA gives federal agencies one year to replace outdated edge devices

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



