Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. News & Events
  3. Cybersecurity Directives
Share:
A blue background with cyber code

Cybersecurity Directives

The Cybersecurity and Infrastructure Security Agency (CISA) develops and oversees the implementation of “Binding Operational Directives (BODs)” and “Emergency Directives (EDs),” which require action on the part of certain federal agencies in the civilian Executive Branch.

News & Events

  • News
  • Events
  • Cybersecurity Alerts & Advisories
  • Directives
  • Request a CISA Speaker
  • Congressional Testimony
  • CISA Conferences
  • CISA Live!

Emergency Directives

Apr 02, 2024

ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

Feb 09, 2024

Supplemental Direction V2: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

Jan 31, 2024

Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

Jan 19, 2024

ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

May 18, 2022

ED 22-03: Mitigate VMware Vulnerabilities

Apr 08, 2022

ED 22-02: Mitigate Apache Log4j Vulnerability (Closed)

Jul 13, 2021

ED 21-04: Mitigate Windows Print Spooler Service Vulnerability

Apr 20, 2021

ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities

Mar 03, 2021

ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

Dec 13, 2020

ED 21-01: Mitigate SolarWinds Orion Code Compromise

Sep 18, 2020

ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday

Jul 16, 2020

ED 20-03: Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 Patch Tuesday

Jan 14, 2020

ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday

Jan 22, 2019

ED 19-01: Mitigate DNS Infrastructure Tampering

Binding Operational Directives

Dec 17, 2024

BOD 25-01: Implementation Guidance for Implementing Secure Practices for Cloud Services

Dec 17, 2024

BOD 25-01: Implementing Secure Practices for Cloud Services

Jun 13, 2023

BOD 23-02: Implementation Guidance for Mitigating the Risk from Internet-Exposed Management Interfaces

Jun 13, 2023

BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Oct 03, 2022

BOD 23-01: Implementation Guidance for Improving Asset Visibility and Vulnerability Detection on Federal Networks

Oct 03, 2022

BOD 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

Nov 03, 2021

BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities

Sep 02, 2020

BOD 20-01: Develop and Publish a Vulnerability Disclosure Policy

Apr 29, 2019

BOD 19-02: Vulnerability Remediation Requirements for Internet-Accessible Systems

May 07, 2018

BOD 18-02: Securing High Value Assets

Oct 16, 2017

BOD 18-01: Enhance Email and Web Security

Sep 13, 2017

BOD 17-01: Removal of Kaspersky-branded Products

Oct 17, 2016

BOD 16-03: 2016 Agency Cybersecurity Reporting Requirements

Sep 27, 2016

BOD 16-02: Threat to Network Infrastructure Devices

Jun 09, 2016

BOD 16-01: Securing High Value Assets (Revoked)

May 21, 2015

BOD 15-01: Critical Vulnerability Mitigation Requirement for Federal Civilian Executive Branch Departments and Agencies’ Internet-Accessible Systems (Revoked)

Dec 17, 2003

Homeland Security Presidential Directive 7

Federal Civilian Executive Branch Agencies List

Federal agencies are required to comply with DHS-developed directives.

These directives do not apply to statutorily defined “national security systems” nor to certain systems operated by the Department of Defense or the Intelligence Community.

View all agencies

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback