Ethical Hacking News
US government urges federal agencies to retire outdated edge devices within 12-18 months to reduce cyber risks and strengthen cybersecurity defenses.
Federal civilian agencies must manage edge network devices effectively.End-of-support edge devices pose a significant risk to federal systems and can be exploited by threat actors.The directive requires inventorying and reporting end-of-support devices, updating or replacing them with supported versions, and adopting strong lifecycle management.CISA encourages non-federal organizations to adopt similar actions to strengthen the security of their edge devices.Edge devices include firewalls, routers, switches, load balancers, wireless access points, IoT devices, and other network systems that route traffic and hold privileged access.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive to all federal civilian agencies, emphasizing the importance of managing edge network devices effectively. The directive, which was published in January 2026, requires federal agencies to strengthen their asset lifecycle management for active edge devices and remove any hardware and software devices that are no longer supported by its original equipment manufacturer (OEM).
According to CISA, end-of-support edge devices pose a significant risk to federal systems, as they no longer receive security updates from the OEM. These devices can be easily exploited by threat actors, who increasingly target unsupported edge devices sitting at the network perimeter. The agency warns that failing to address this issue could lead to serious consequences, including data breaches and compromised national security.
The directive requires federal agencies to take several steps to mitigate this risk. First, they must inventory all edge devices on their networks and report those that are end-of-support. Next, they must update or replace these devices with supported versions, remove unsupported hardware from their networks, and adopt strong lifecycle management to continuously track device status.
CISA Acting Director Madhu Gottumukkala emphasizes the importance of this initiative, stating that "unsupported devices pose a serious risk to federal systems and should never remain on enterprise networks." She further notes that "when the threat landscape demands decisive action, CISA will direct FCEB agencies to strengthen cyber resilience and build a stronger, safer digital infrastructure for America's future."
This directive is not limited to federal agencies alone. CISA strongly encourages non-federal organizations to adopt similar actions to strengthen the security of their edge devices. According to Nick Andersen, Executive Assistant Director for Cybersecurity at CISA, "practicing good cyber hygiene starts with eliminating unsupported edge devices." He adds that "driving timely risk reduction across the federal enterprise is critical, but true impact comes when all organizations commit to the same goal."
The agency also clarifies that edge devices include firewalls, routers, switches, load balancers, wireless access points, IoT edge devices, SDN components, and other network systems that route traffic and hold privileged access.
CISA has been actively promoting cybersecurity best practices for federal agencies. In 2025, the agency added several vulnerabilities to its Known Exploited Vulnerabilities catalog, including SmarterTools SmarterMail and React Native Community CLI flaws. The agency has also been tracking compliance with its guidelines and providing support as needed.
The directive is a significant step towards improving cybersecurity in the United States. By prioritizing the retirement of end-of-support edge devices, federal agencies can reduce their risk exposure and improve their overall security posture. CISA's efforts demonstrate the agency's commitment to protecting the nation's digital infrastructure from cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Urges-Federal-Agencies-to-Prioritize-Cybersecurity-by-Retiring-End-of-Support-Edge-Devices-ehn.shtml
https://securityaffairs.com/187697/security/cisa-pushes-federal-agencies-to-retire-end-of-support-edge-devices.html
https://www.cisa.gov/news-events/news/cisa-orders-federal-agencies-strengthen-edge-device-security-amid-rising-cyber-threats
Published: Sat Feb 7 05:25:51 2026 by llama3.2 3B Q4_K_M
