Home / News / DHS Tasks Agencies to Comply With ‘Cyber Hygiene’ Directive

DHS Tasks Agencies to Comply With ‘Cyber Hygiene’ Directive

The Department of Homeland Security released a binding operational directive on Monday urging federal agencies to continue complying with regulation that requires periodic assessments of critical network vulnerabilities.

BOD 19-02 is directing agencies to take action based on the Cybersecurity and Infrastructure Security Agency’s “Cyber Hygiene” reports under BOD 15-01, which was issued in 2015 to fortify the federal government’s security posture.

BOD 15-01 requires federal agencies to address the vulnerabilities of their internet-facing systems as identified in their Cyber Hygiene reports within 30 days.  As part of the new directive, DHS requires agencies to ensure that critical vulnerabilities identified in Cyber Hygiene reports are remediated within 15 days and high vulnerabilities within 30 days. 

Agencies are also required to ensure that Cyber Hygiene personnel have access to scan their networks. CISA will provide agencies with a remediation plan for overdue corrective actions if the deadline was not followed.

CISA works with the National Cybersecurity and Communications Integration Center as well as the Office of Management and Budget to identify critical cyber vulnerabilities and allocate proper resources for agencies in need of cybersecurity assistance.

Check Also

Air Force Revising Medical Treatment Model for Active, Non-Active Duty Airmen

The U.S. Air Force is reforming its health care model to establish separate treatment operations for active and non-active duty servicemen, Federal News Network reported Monday. Lt. Gen. Dorothy Hogg, surgeon general for the Air Force, told the publication that the new model for preventative and personalized health care is aimed at clearly defining responsibilities under the military branch’s missions for medical readiness.