The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive (ED) requiring federal agencies to address critical vulnerabilities in Ivanti products. These vulnerabilities could allow attackers to remotely take control of affected systems. CISA is urging all organizations to take immediate action to mitigate the risks.
The ED outlines specific actions that federal agencies must take to mitigate the vulnerabilities, including:
- Identifying and patching vulnerable systems
- Implementing mitigations such as network segmentation and access controls
- Disabling vulnerable products if necessary
- Reporting any compromises to CISA
CISA is also encouraging all organizations to take steps to address the vulnerabilities, even if they are not subject to the ED. These steps include:
- Reviewing the list of affected Ivanti products
- Patching any vulnerable systems
- Implementing mitigations to reduce the risk of exploitation
- Reporting any compromises to CISA
The Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency responsible for protecting critical infrastructure from cyber threats. CISA provides a variety of resources to help organizations mitigate cybersecurity risks, including:
- Cybersecurity advisories and alerts
- Best practices for securing critical infrastructure
- Incident response guidance
