On the 4th of October 2022, CISA released Binding Operational Directive 23-01 for improving asset visibility and vulnerability detection on federal networks. It can be seen here
The guidance is robust and focuses on frequency and coverage. It requires federal organisations to do the following, but the recommendations are applicable to all companies.
Implementation guidance is here
Below is a short mapping of the CISA directive and how Edgescan delivers its features.
|CISA 23-01 Directive|Edgescan Compliance|
|---|---|
|“Perform automated asset discovery every 7 days … at minimum this discovery must cover the entire IPv4 space used by the agency.”|Edgescan delivers continuous asset discovery across IPv6, IPv4 and FQDNs, covering TCP, UDP, IP, DNS, ports and exposures, and API discovery. https://www.edgescan.com/platform/features-services/attack-surface-management/|
|“Initiate vulnerability enumeration across all discovered assets, including all discovered nomadic/roaming devices (e.g., laptops), every 14 days.”|Edgescan delivers continuous and on-demand full-stack (web, API, network/device) vulnerability enumeration, providing validated vulnerability intelligence on a continuous basis.|
|“Initiate automated ingestion of vulnerability enumeration results (i.e., detected vulnerabilities) into the CDM Agency Dashboard within 72 hours of discovery completion (or initiation of a new discovery cycle if previous full discovery has not been completed).”|Edgescan integrates with a host of GRC tools, vulnerability aggregators and ticketing systems in order to track and aid remediation. https://www.edgescan.com/technology-integrations/|
|“Develop and maintain the operational capability to initiate on-demand asset discovery and vulnerability enumeration to identify specific assets or subsets of vulnerabilities within 72 hours of receiving a request from CISA and provide the available results to CISA within 7 days of request.”|Edgescan is on-demand, continuous and scheduled. Vulnerability enumeration runs across the full stack to provide coverage and rigour.|
It’s clear that this should be not just a baseline approach for federal organisations but a minimum requirement for any business. When we review the past few years, most ransomware attacks were the result of a simple breach of systems such as remote working services or unpatched firewalls (exposed, unmanaged services). This approach is an attempt to reduce the risk of breach via continuous visibility and vulnerability detection, something Edgescan has been delivering since 2016!
Marketing Executive of Edgescan