News & Events

In response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by malicious cyber threat actors, CISA issued Emergency Directive 24-01.

This Directive requires agencies to take steps to reduce the attack surface created by insecure or misconfigured management interfaces across certain classes of devices.

FCEBs are directed to make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities by focusing on asset discovery and vulnerability enumeration.

This directive establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise and establishes requirements for agencies to remediate any such vulnerabilities included in the catalog.