The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Thursday that it has retired ten Emergency Directives issued between 2019 and 2024.
The directives now officially closed include:
- ED 19-01: Mitigate DNS Infrastructure Tampering
- ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
- ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday
- ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
- ED 21-01: Mitigate SolarWinds Orion Code Compromise
- ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
- ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities
- ED 21-04: Mitigate Windows Print Spooler Service Vulnerability
- ED 22-03: Mitigate VMware Vulnerabilities
- ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of the Microsoft Corporate Email System
CISA stated that these directives were originally issued to protect Federal Civilian Executive Branch agencies from significant cybersecurity risks. The agency worked closely with federal partners to remediate the identified issues, integrate industry best practices, and strengthen overall system resilience.
According to CISA, Emergency Directives are published to ensure rapid mitigation of emerging threats. The agency confirmed that all required actions under these directives have either been fully implemented or are now enforced through Binding Operational Directive 22-01, which focuses on reducing the risk posed by known exploited vulnerabilities.
CISA Acting Director Madhu Gottumukkala emphasized the agency’s role in federal cybersecurity, noting that CISA applies its authorities to reinforce federal systems and address unacceptable risks, particularly those linked to hostile nation-state actors. He added that closing these ten Emergency Directives demonstrates CISA’s commitment to strong operational collaboration across the federal enterprise.
Gottumukkala emphasized that CISA personnel maintain daily collaboration with stakeholders to eliminate long-term vulnerabilities, manage new security risks, and deliver urgent defense strategies. He noted the agency remains committed to "Secure by Design" standards by prioritizing open communication, customizable security settings, and seamless system compatibility to ensure organizations can effectively safeguard their varied technological infrastructures.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
