The Cybersecurity and Infrastructure Security Agency has recommended adopting OpenEoX, an international standard that defines how end-of-support product lifecycle information is shared across the hardware and software industries.
CISA said Friday that OpenEoX could help organizations better identify unsupported technologies that remain embedded in enterprise networks and critical infrastructure environments.
The guidance follows CISA’s recent issuance of Binding Operational Directive 26-02, which requires federal civilian agencies to inventory and replace end-of-support edge devices.
The Potomac Officers Club’s 2026 Cyber Summit on May 21 will bring together government and industry leaders to discuss federal cybersecurity priorities, emerging threats and implementation challenges. Register now.
Table of Contents
Why Is CISA Focused on End-of-Support Edge Devices?
CISA said the presence of unsupported edge hardware and software allows threat actors to exploit systems that no longer receive vendor updates. The agency warned that nation-state adversaries have increasingly used these devices to gain access, maintain persistence and compromise sensitive data.
What Is OpenEoX and How Does It Work?
OpenEoX is an OASIS OPEN international standard that provides a machine-readable JSON schema for exchanging product lifecycle information. It is designed to integrate with existing vulnerability management standards, including software bills of materials and the Common Security Advisory Framework.
What Benefits Does OpenEoX Provide?
CISA said OpenEoX allows technology producers to standardize and automate how they communicate end-of-support milestones, reducing manual processes and improving transparency for customers.
For organizations managing IT and operational technology environments, the standard enables faster identification of products approaching or past end-of-support, allowing risks to be addressed earlier.
CISA said broader adoption of OpenEoX will require coordinated action across the vulnerability management ecosystem and urged both producers and consumers to incorporate the standard into their processes.
For producers, CISA recommended publicly publishing OpenEoX documents for products without barriers, such as customer portals or paywalls, and integrating OpenEoX into vulnerability-scanning and asset-management tools to automate lifecycle tracking.
For consumers, the agency advised incorporating OpenEoX data into vulnerability management workflows to support proactive replacement of end-of-support devices, timely patching of vulnerabilities, and software and hardware updates. CISA also urged organizations to encourage suppliers and partners to adopt OpenEoX as part of broader efforts to reduce ecosystem risk.
Related Articles
Kirsten Davies, the Department of War’s chief information officer and a 2026 Wash100 awardee, emphasized a mission-first approach to technology modernization, stating that DOW’s information enterprise must directly support the warfighter and align with the National Defense Strategy, DOW said Tuesday. The DOW CIO’s remarks underscore how senior defense technology leaders are aligning modernization efforts with measurable mission outcomes and direct support to the warfighter. Reserve your seat at the 2026 Digital Transformation Summit on April 22 to connect with government and industry executives driving the next phase of federal digital modernization. “Our mission is to support the National Defense
The Department of Transportation has promoted Devin Ure to deputy assistant secretary for budget and programs. Ure announced the appointment Sunday in a LinkedIn post. “I’m incredibly grateful for my previous role as the Chief Financial Officer for the Office of the Secretary at U.S. Department of Transportation and for the mentors who supported me along the way. I’m looking forward to working with the talented team we have,” said Ure. Who Is Devin Ure? Ure is a career public servant with extensive experience applying analytics-driven strategies to financial management and organizational modernization. He has implemented automation, dashboards and predictive tools to
The Idaho National Laboratory and NVIDIA have partnered to leverage artificial intelligence to accelerate the deployment of advanced nuclear energy systems. As AI adoption continues to expand across government and industry, collaborations like the INL-NVIDIA effort underscore how emerging technologies are being applied to complex national priorities. These developments reflect the broader momentum behind AI-driven modernization efforts across the federal landscape. Save your spot now at the 2026 Artificial Intelligence Summit on March 18! INL said Tuesday the partnership supports the Department of Energy’s Genesis Mission and focuses on a “grand challenge” known as Prometheus, which aims to bring commercial-scale