CISA Directive Requires Federal Agencies to Secure Network Devices
A new CISA directive requires agencies to "take steps to reduce the attack surface created by insecure or misconfigured management interfaces across certain classes of devices."
The Binding Operational Directive 23-02 (https://www.cisa.gov/news-events/directives/binding-operational-directive-23-02), which outlines the steps required for compliance, defines a networked management interface as "a dedicated device interface that is accessible over network protocols and is meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself."
"Recent threat campaigns underscore the grave risk to the federal enterprise posed by improperly configured network devices," the directive states.
SUSE's "Securing the Cloud" trend report reflects industry concerns around cloud security, as "88 percent of professionals agreed that if they were certain about the integrity of
...
Use Express-Checkout link below to read the full article (PDF).
In the news: Red Hat Announces Ansible Lightspeed with IBM watsonx Code Assistant; Dell APEX Cloud Platform for Red Hat OpenShift Announced; NSA Offers Best Practices for OSS in Operational Technology Environments; Civil Infrastructure Platform Adds New Super-Long-Term Linux Kernel; HTTP/2 Protocol Exploited in Largest DDoS Attack Ever; Docker Announces Three New Products for Secure App Delivery; CloudBees Updates Jenkins and Offers New DevSecOps Platform; Linkerd 2.14 Released with Improved Multi-Cluster Support; NIST Releases Draft of Cybersecurity Framework v2.0; CISA and MITRE Announce Open Source Caldera for OT
In the news: NIST Updates Cybersecurity Framework; Poor Cloud Security Practices Put Organizations at Risk; ORNL and NOAA Launch New Supercomputer for Climate Research; DOE Envisions New High Performance Data Facility; VMware Updates Tanzu with New Security Features; Microsoft Launches AI-Powered Security Copilot; IBM Deploys First Quantum Computer Dedicated to Healthcare Research; LPI Announces IT Security Essentials Certification
In the news: CIQ Offers Long-Term Support for Rocky Linux on AWS; Apple's PQ3 Brings Post-Quantum Security to iMessage; Google Open Sources Magika File-Type Detection System; Microsoft Announces Sudo for Windows; Linux Foundation Launches Post-Quantum Cryptography Alliance; Sys Admins Saw the Biggest Average Salary Increase in 2023, According to Dice; Use of Open Source Software Increased Significantly in 2023; Docker Build Cloud Announced; Wi-Fi CERTIFIED 7 Announced; EU Commissions Nostradamus Project for Quantum Testing; and NIST Identifies Main Types of Adversarial Machine Learning Threats, GitLab Announces Critical Security Releases.
In the news: Palo Alto Networks Introduces Cortex Cloud; Canonical to Provide 12 Years of Kubernetes Support; Mirantis Releases Open Source k0rdent; D-Wave Now Offers On-Premises Quantum Computing Systems; IP Fabric 7.0 Released; UK Releases Code of Practice for Securing AI; Red Hat Releases Kubernetes-Native Connectivity Link; OpenVox Automation Framework Announced; Sysdig Launches Open Source Stratoshark for Cloud Observability; Data Center Electricity Demand Projected to Double or Triple by 2028; Red Hat Releases OpenShift Virtualization Tools; 16GB Raspberry Pi 5 Announced; Open Storage Network Adds More Sites.
