CISA orders better vulnerability detection, reporting for federal agencies

CyberScoop reports that federal civilian agencies have been ordered by the Cybersecurity and Infrastructure Security Agency to provide regular reports on software vulnerabilities as part of a new directive aimed at improving vulnerability detection and asset visibility in federal networks. Such a directive indicates CISA's evolving role in helping bolster network visibility across government agencies following the widespread SolarWinds supply chain attack, said CISA Director Jen Easterly. "This is a movement essentially to allow CISA, in its role as operational lead for federal cybersecurity, to manage federal cybersecurity as an enterprise," Easterly noted. Requiring software vulnerability reporting would also help CISA better understand varying cybersecurity postures of agenices, said Easterly, who also noted the directive's importance amid continuous cyberattacks against U.S. government networks and critical infrastructure. "While this directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks," she added.