Statement from CISA Acting Director Wales on Executive Order to Improve the Nation’s Cybersecurity and Protect Federal Networks

WASHINGTON – Yesterday, President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks.  Cybersecurity and Infrastructure Security Agency (CISA) Acting Director Brandon Wales released the following statement:
Last Published Date: May 13, 2021

Mitigating the Impacts of Doxing on Critical Infrastructure

Organizations are using online spaces now more than ever to conduct business operations. While critical, the increased use of online spaces also heightens concerns over the risk of doxing. CISA encourages individuals and organizations to take an active role in protecting themselves by controlling the information that is shared and stored online and implementing a series of best practices.

Software Supply Chain Attacks

The Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.

CISA Issues Emergency Directive Requiring Federal Agencies to Check Pulse Connect Secure Products

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-03 today requiring federal civilian departments and agencies running Pulse Connect Secure products to assess and mitigate any anomalous activity or active exploitation detected on their networks. All affected agencies are required to use the Pulse Connect Secure Integrity Tool to check the integrity of their file systems, and if mismatches or new files are found, they must take mitigation actions and contact CISA for potential incident response activities.
Last Published Date: April 20, 2021

Multi-factor authentication (MFA) 

Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database. 

Domain-Based Message Authentication, Reporting and Conformance (DMARC) 

The DMARC product was created to call attention to an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources. DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.