Home / News / DHS Tasks Agencies to Comply With ‘Cyber Hygiene’ Directive

DHS Tasks Agencies to Comply With ‘Cyber Hygiene’ Directive

The Department of Homeland Security released a binding operational directive on Monday urging federal agencies to continue complying with regulation that requires periodic assessments of critical network vulnerabilities.

BOD 19-02 is directing agencies to take action based on the Cybersecurity and Infrastructure Security Agency’s “Cyber Hygiene” reports under BOD 15-01, which was issued in 2015 to fortify the federal government’s security posture.

BOD 15-01 requires federal agencies to address the vulnerabilities of their internet-facing systems as identified in their Cyber Hygiene reports within 30 days.  As part of the new directive, DHS requires agencies to ensure that critical vulnerabilities identified in Cyber Hygiene reports are remediated within 15 days and high vulnerabilities within 30 days. 

Agencies are also required to ensure that Cyber Hygiene personnel have access to scan their networks. CISA will provide agencies with a remediation plan for overdue corrective actions if the deadline was not followed.

CISA works with the National Cybersecurity and Communications Integration Center as well as the Office of Management and Budget to identify critical cyber vulnerabilities and allocate proper resources for agencies in need of cybersecurity assistance.

Check Also

SBA OIG: Agency Addresses Majority of Mgmt Issues

Hannibal Ware, the Small Business Administration's inspector general, has reported progress in addressing significant issues faced by the agency across operations. The agency has implemented past recommendations and has made progress in multiple areas of management, SBA Office of the Inspector General said Friday.