Ethical Hacking News
CISA has issued a binding operational directive requiring federal agencies to remove unsupported edge devices from their networks within 12-18 months. The move aims to reduce the risk of compromise and protect against state-sponsored threat actors exploiting these devices.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive to remove unsupported edge devices from federal networks. CISA is targeting these devices because they are increasingly exploited by state-sponsored actors to gain unauthorized access to targeted networks. The directive requires FCEB agencies to update, catalog, and decommission end-of-support edge devices within specific timeframes. Failure to comply may leave federal systems vulnerable to cyber threats.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD) to remove unsupported edge devices from federal civilian executive branch (FCEB) networks, citing the increasing threat of state-sponsored actors exploiting these devices to gain unauthorized access to targeted networks.
The directive, titled "Mitigating Risk From End-of-Support Edge Devices," is part of CISA's efforts to strengthen asset lifecycle management for edge network devices and reduce the risk of compromise. According to the agency, persistent cyber threat actors are increasingly targeting unsupported edge devices, which are hardware and software that no longer receive updates or security patches from their original equipment manufacturers (OEMs).
"Unsupported devices pose a serious risk to federal systems and should never remain on enterprise networks," said Madhu Gottumukkala, CISA Acting Director. "By proactively managing asset lifecycles and removing end-of-support technology, we can collectively strengthen resilience and protect the global digital ecosystem."
The directive requires FCEB agencies to undertake several actions within specific timeframes:
1. Update each vendor-supported edge device running end-of-support software to a vendor-supported version (with immediate effect).
2. Catalog all devices to identify those that are end-of-support and report them to CISA (within three months).
3. Decommission all edge devices that are end-of-support and listed in the edge device list from agency networks and replace them with vendor-supported devices that can receive security updates (within 12 months).
4. Decommission all other identified edge devices from agency networks and replace with vendor-supported devices that can receive security updates (within 18 months).
5. Establish a lifecycle management process to enable continuous discovery of all edge devices and maintain an inventory of those that are/will reach end-of-support (within 24 months).
CISA has developed an end-of-support edge device list, which serves as a preliminary repository with information about devices that have already reached end-of-support or are expected to lose support. This list includes the product name, version number, and end-of-support date.
The agency emphasizes the importance of proactive management of edge network devices to mitigate the risk of compromise. "State-sponsored threat actors are increasingly exploiting unsupported edge devices as a preferred access pathway for breaking into target networks," CISA warned.
Threat actors are attracted to these devices because they often contain privileged access and are positioned at the network perimeter, making them particularly vulnerable to exploitation.
The directive is part of CISA's broader efforts to enhance federal cybersecurity posture and protect against emerging threats. By prioritizing asset lifecycle management and removing unsupported edge devices from federal networks, FCEB agencies can strengthen their overall security posture and reduce the risk of compromise.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Issues-Urgent-Directive-to-Remove-Unsupported-Edge-Devices-from-Federal-Networks-ehn.shtml
https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html
https://www.cisa.gov/news-events/news/cisa-orders-federal-agencies-strengthen-edge-device-security-amid-rising-cyber-threats
Published: Fri Feb 6 07:56:29 2026 by llama3.2 3B Q4_K_M
