go to sections menu

CISA Updates Emergency Directive from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary > CISA Updates Emergency Directive

Go to Homepage, contents or to navigation menu

CISA Updates Emergency Directive

I wasn’t originally going to cover this at all, however, I recently subscribed to a podcast called “Cyber Wire Daily” which releases podcasts every day on the goings on in the Cyber Security industry.

While I need to catch up with this podcast, one of the recent podcasts listed covers this so I thought I should better cover this. CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise is the entire title of this and is linked here for you.

There are links throughout that might be of interest to boot, so go ahead and check it out and see if there is something you need to know about within this linked item.

I read a lot of this, however, I’m not really sure how to cover this on a podcast since I don’t know people specifically effected.

There are two items that caught my attention when I initially read this.

  • Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of running SolarWinds Orion in their enterprises
    should rebuild or upgrade, in compliance with hardening steps outlined in the Supplemental Guidance, to at least SolarWinds Orion Platform version 2020.2.1
    HF2. The National Security Agency (NSA) examined this version and verified it eliminates the previously identified malicious code. This version also includes
    updates to fix un-related vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed.
  • Federal agencies with evidence of follow-on threat actor activity on their networks should keep their affected versions disconnected, conduct forensic
    analysis, and consult with CISA before rebuilding or reimaging affected platforms and host operating systems.

There might be something you need to pass on to your superiors who deal with this, so please check this out and see if it applies to you.

Informazioni sull'articolo

CISA Updates Emergency Directive was released on January 7, 2021 at 1:15 pm by tech in article commentary.
Last modified: January 7, 2021.

Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu

navigation menu

go to sections menu