
News & Events
Read and watch the latest news, multimedia, and other important communications from CISA. View a calendar of upcoming events CISA hosts and participates in.
Featured Articles
View More ArticlesCISA, NSA and 19 International Partners Release Shared Vision of Software Bill of Materials for Cybersecurity Guide
SEP 03, 2025
| PRESS RELEASE
CISA, NSA, and 19 international partners release a shared vision of Software Bill of Materials (SBOM) highlighting the importance of SBOM in securing global supply chains & enhancing software resilience worldwide.
CISA Announces Nicholas Andersen as New Executive Assistant Director for Cybersecurity
SEP 02, 2025
| PRESS RELEASE
CISA Announces Nicholas Andersen as New Executive Assistant Director for Cybersecurity.
CISA and Partners Providing Real-Time Incident Response to Cyber Attack on State of Nevada
AUG 27, 2025
| PRESS RELEASE
CISA and its public and private sector partners are working closely with officials in Nevada as they respond to an August 24th cyber-attack targeting the state and impacting essential services.
CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems
AUG 27, 2025
| ALERT
This cybersecurity advisory details People’s Republic of China state-sponsored Advanced Persistent Threat actors targeting critical infrastructure across sectors and continents to maintain persistent, long-term access to networks.
Alerts & Directives
View More AdvisoriesED 25-02: Mitigate Microsoft Exchange Vulnerability
CISA issued Emergency Directive (ED) 25-02 in response to a newly disclosed vulnerability affecting Microsoft Exchange hybrid-joined configurations.
ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System
This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure.
BOD 25-01: Implementing Secure Practices for Cloud Services
This Directive complements existing federal resources for cloud security, including the Federal Risk and Authorization Management Program (FedRAMP), relevant NIST guidance, and the CISA Trusted Internet Connections (TIC) 3.0 Cloud Use Case.
BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces
This Directive requires agencies to take steps to reduce the attack surface created by insecure or misconfigured management interfaces across certain classes of devices.
Upcoming Events
View All EventsSEP
23
ISC Facility Security Committee Seminar - Regions 8, 9 & 10
SEMINAR | VIRTUAL/ONLINE
This seminar for Regions 8, 9, and 10 will walk through FSC procedures and responsibilities, discuss key updates to the Risk Management Process Standard and provide your committee with the resources to have an effective and compliant FSC.
SEP
25
OCT 22 - OCT 23
Federal Security Certification Virtual, Instructor-Led Training - October 2025
OTHER | VIRTUAL/ONLINE
OCT
28
Federal Security Certification Training - Pittsburgh, PA
OTHER | IN-PERSON
Register for the ISC FSCT on October 28! This in-Person training is a half-day, instructor-led course covering the ISC, ISC Risk Management Process Standard, and the roles and responsibilities of Facility Security Committees. The course is offered at no cost.
Media Inquiries
Please direct media inquiries to CISAMedia@cisa.dhs.gov or call 703-235-2010.