CISA gives federal agencies one year to rip out end-of-life devices
3 months ago
- #cybersecurity
- #federal-agencies
- #CISA
- CISA mandates federal agencies to remove end-of-life devices within 12 months due to exploitation risks.
- Unsupported devices, including routers, firewalls, and IoT edge devices, are vulnerable to cyberattacks.
- Agencies must inventory end-of-life devices within three months and decommission them within a year.
- CISA will assist agencies and track compliance but won't publicly disclose the list of end-of-life devices.
- Nation-state actors, including from China and Russia, frequently target edge devices to infiltrate networks.
- Edge devices are attractive targets due to their network reach and integration with identity management systems.