The Cybersecurity and Infrastructure Security Agency has retired 10 emergency directives issued over a five-year period, signaling that the immediate risks the directives were designed to address have been mitigated.
The Potomac Officers Club’s 2026 Cyber Summit on May 21 convenes public- and private-sector cybersecurity professionals to review evolving threats and federal security requirements as agencies work toward the Department of War’s 2027 zero trust deadline. Register now to be part of the conversation!
Table of Contents
Why Did CISA Retire the Emergency Directives?
CISA said Thursday that a review of all active emergency directives found them no longer necessary, noting that mandated actions have either been fully implemented or are now covered under Binding Operational Directive 22-01, which requires agencies to remediate flaws listed in CISA’s Known Exploited Vulnerabilities catalog.
Other directives were retired after changes in security practices and threat posture made the original requirements outdated.
“The closure of these ten Emergency Directives reflects CISA’s commitment to operational collaboration across the federal enterprise, said Madhu Gottumukkala, acting director at CISA. “Every day, CISA’s exceptional team works collaboratively with partners to eliminate persistent access, counter emerging threats, and deliver real-time mitigation guidance. Looking ahead, CISA continues to advance Secure by Design principles – prioritizing transparency, configurability, and interoperability - so every organization can better defend their diverse environments.”
Gottumukkala added that CISA will continue to issue emergency directives when conditions warrant “swift, decisive action,” particularly in response to nation-state cyber threats.
Which Emergency Directives Were Retired?
CISA confirmed the closure of the following emergency directives:
Legacy Infrastructure & System Threats
- ED 19-01: DNS infrastructure tampering
- ED 20-02: Windows vulnerabilities
- ED 20-03: Windows DNS server vulnerability
- ED 20-04: Netlogon elevation of privilege
- ED 21-04: Windows Print Spooler service vulnerability
Major Supply Chain & Software Compromises
- ED 21-01: SolarWinds Orion code compromise
- ED 21-02: Microsoft Exchange on-premises vulnerabilities
- ED 21-03: Pulse Connect Secure product vulnerabilities
- ED 22-03: VMware vulnerabilities
- ED 24-02: compromise of Microsoft corporate email accounts by Midnight Blizzard, a Russian state-sponsored cyber actor
Related Articles
The National Security Agency has announced the appointment of Tim Kosiba, a more than 30-year intelligence community veteran, as the 21st deputy director. NSA said Friday Kosiba will help U.S. defense and intelligence agencies formulate national security policies and position NSA as an integrated mission partner to help the U.S. maintain an advantage against foreign threats. In this capacity, he will also lead strategy execution, manage the senior civilian leadership and guide operations. What Are Lt. Gen. William Hartman’s Thoughts on Tim Kosiba’s Appointment? Lt. Gen. William Hartman, who is performing the duties of NSA director and chief, Central Security
Leaders at the Defense Logistics Agency’s Troop Support recently concluded a three-day course that provided groups an opportunity to present concepts aimed at modernizing military logistics through artificial intelligence and digital workforce platforms. DLA’s efforts to modernize logistics through AI, data-driven decision-making and workforce innovation mirror the themes of the Potomac Officers Club’s 2026 Digital Transformation Summit. Sign up now to hear experts on AI, cyber and enterprise IT on April 22 and be part of the conversation shaping government technology. DLA said Thursday the “Creating Innovative Navigators Course” was part of DLA Troop Support’s annual operating plan and challenged
The Federal Communications Commission has approved SpaceX’s request to expand its constellation with the deployment and operation of second-generation Starlink satellites. How Many Starlink Satellites Did the FCC Approve? FCC said Friday that SpaceX plans to deploy an additional 7,500 satellites to deliver high-speed, low-latency internet services, including mobile connectivity, on a global scale. The decision doubles the number of second-generation Starlink satellites SpaceX is allowed to launch from the 7,500 that the FCC approved in December 2022 to 15,000. What Capabilities Will Gen2 Starlink Satellites Provide? SpaceX is also cleared to upgrade its Gen2 Starlink satellites with advanced form