Ethical Hacking News
CISA has issued a new binding operational directive requiring federal agencies to replace end-of-life edge devices that no longer receive security updates from manufacturers. The move is aimed at preventing exploitation by advanced threat actors and securing federal networks against emerging cybersecurity threats.
Federal agencies must identify and replace end-of-life edge devices that no longer receive security updates from manufacturers. The directive aims to prevent exploitation by advanced threat actors through the decommissioning of end-of-support (EOS) hardware and software on federal networks. CISA warns that network edge devices are vulnerable to cyber exploits targeting newly discovered, unpatched vulnerabilities. The move is part of CISA's effort to secure federal networks against emerging cybersecurity threats, including ransomware attacks. Federal agencies have 12 months to decommission devices that reached end-of-support before the directive's issuance date. All identified end-of-support edge devices must be replaced with vendor-supported equipment receiving current security updates within 18 months.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive (BOD) requiring federal agencies to identify and replace end-of-life edge devices that no longer receive security updates from manufacturers. The directive, known as BOD 26-02, mandates the decommissioning of end-of-support (EOS) hardware and software on federal networks to prevent exploitation by advanced threat actors.
The move is a response to the growing threat of ransomware attacks and other cybersecurity threats that target network edge devices, such as routers, firewalls, and network switches. CISA warned that these devices are especially vulnerable to cyber exploits targeting newly discovered, unpatched vulnerabilities, and that they no longer receive supported updates from the original equipment manufacturer.
"The imminent threat of exploitation to agency information systems running EOS edge devices is substantial and constant, resulting in a significant threat to federal property," said CISA. "CISA is aware of widespread exploitation campaigns by advanced threat actors targeting EOS edge devices."
BOD 26-02 requires immediate action on vendor-supported devices running end-of-support software for which updates are available, and an inventory of all devices on CISA's end-of-support list within three months. Federal agencies also have 12 months to decommission devices that reached end-of-support before the directive's issuance date. Within 18 months, all identified end-of-support edge devices must be replaced with vendor-supported equipment receiving current security updates.
In addition to replacing end-of-life edge devices, CISA encourages federal agencies to establish continuous discovery processes within 24 months to identify edge devices and maintain inventories of equipment and software approaching end-of-support status.
This move is part of a larger effort by CISA to secure federal networks against emerging cybersecurity threats. In June 2023, CISA issued BOD 23-02, which requires federal civilian agencies to secure misconfigured or Internet-exposed management interfaces on devices such as routers, firewalls, proxies, and load balancers.
The announcement comes months after CISA said it would warn critical infrastructure organizations if they have network devices vulnerable to ransomware attacks, as part of a new Ransomware Vulnerability Warning Pilot (RVWP) program. The move highlights the growing importance of cybersecurity in protecting federal networks against emerging threats.
CISA has been working closely with federal agencies to implement security measures and provide guidance on how to protect against these types of threats. This work is part of a broader effort to improve the nation's cybersecurity posture and prevent potential disruptions to critical infrastructure.
The directive's requirements apply only to U.S. Federal Civilian Executive Branch (FCEB) agencies, but CISA encourages all network defenders to follow the guidance in this fact sheet to secure systems, data, and operations against threat groups targeting network edge devices in ongoing attacks.
Published: Fri Feb 6 02:46:31 2026 by llama3.2 3B Q4_K_M