All US government departments and agencies must enforce new hardware and software security regulations within 60 days, the Cybersecurity and Infrastructure Security Agency (CISA) announced in a new directive issued on Wednesday.
"Within 60 days of issuance, agencies shall review and update agency internal vulnerability management procedures in accordance with this Directive," the directive said. "These required actions apply to any federal information system."
All the government entities must establish a process for ongoing remediation of vulnerabilities that CISA will identify as carrying significant risk to the federal enterprise within a timeframe set by it, the directive said.
"[Each agency or department must] remediate each vulnerability according to the timelines set forth in the CISA-managed vulnerability catalogue. The catalogue will list exploited vulnerabilities that carry significant risk to the federal enterprise with the requirement to remediate within 6 months for vulnerabilities," the directive added.
In line with requirements for the Continuous Diagnostics and Mitigation (CDM) Federal Dashboard deployment and other requirements, agencies are expected to automate data exchange and report their respective directive implementation status through the CDM Federal Dashboard, according to the directive. (ANI/Sputnik)
( With inputs from ANI )
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor