CISA

5G Potential Threat Vectors

CISA, in coordination with the National Security Agency, and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—released a Potential Threat Vectors to 5G Infrastructure paper. This paper identifies and assesses risks and vulnerabilities introduced by 5G.

CISA Administrative Subpoena

The Cybersecurity and Infrastructure Security Agency (CISA) works around the clock to identify and mitigate cybersecurity vulnerabilities in the digital systems that underpin much of our nation’s critical infrastructure. A key element of these efforts includes notifying critical infrastructure entities of vulnerabilities in their systems. However, at times CISA analysts identify or receive information about vulnerable systems, but cannot determine contact information for the owners or operators of the systems.

Software Supply Chain Attacks

The Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.

CISA Issues Emergency Directive Requiring Federal Agencies to Check Pulse Connect Secure Products

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-03 today requiring federal civilian departments and agencies running Pulse Connect Secure products to assess and mitigate any anomalous activity or active exploitation detected on their networks. All affected agencies are required to use the Pulse Connect Secure Integrity Tool to check the integrity of their file systems, and if mismatches or new files are found, they must take mitigation actions and contact CISA for potential incident response activities.
Last Published Date: April 20, 2021

April is National Supply Chain Integrity Month - Week 3

During the third week of National Supply Chain Integrity Month, CISA is emphasizing the importance of understanding supply chain threats. As technology evolves, so does the threat environment. Of particular importance is securing information and communications technology (ICT) supply chains. With ICT serving as the bedrock for the nation’s critical infrastructure, their supply chains are valuable targets for adversaries seeking to steal, compromise, alter, or destroy sensitive information being stored in and communicated through ICT