{"id":185363,"date":"2026-02-05T15:49:00","date_gmt":"2026-02-05T20:49:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/05\/cisa-tells-agencies-to-identify-upgrade-unsupported-edge-devices\/"},"modified":"2026-02-07T10:30:28","modified_gmt":"2026-02-07T15:30:28","slug":"cisa-tells-agencies-to-identify-upgrade-unsupported-edge-devices","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/05\/cisa-tells-agencies-to-identify-upgrade-unsupported-edge-devices\/","title":{"rendered":"CISA tells agencies to identify, upgrade unsupported edge devices"},"content":{"rendered":"<p><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/02\/cisa-tells-agencies-to-identify-upgrade-unsupported-edge-devices\/\">CISA tells agencies to identify, upgrade unsupported edge devices<\/a><\/p>\n<p><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/02\/cisa-tells-agencies-to-identify-upgrade-unsupported-edge-devices\/\">https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/02\/cisa-tells-agencies-to-identify-upgrade-unsupported-edge-devices\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-05 15:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"federalnewsnetwork.com\">federalnewsnetwork.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                    Agencies are on the hook to identify outdated \u201cedge\u201d hardware and software on their networks, as the Cybersecurity and Infrastructure Security Agency warns such devices pose a \u201csubstantial and constant\u201d risk to agency IT systems.<br \/>\nIn a binding operational directive (BOD) issued Thursday, CISA directed agencies to update any end-of-support devices on their networks. Such devices \u2013 also referred to as \u201cunsupported\u201d\u2013 are no longer maintained by their vendors.<br \/>\n\u201cPersistent cyber threat actors, including those with ties to nation states, are increasingly exploiting unsupported edge devices, hardware and software, that no longer receive vendor updates to firmware or other security patches,\u201d CISA Executive Assistant Director for Cybersecurity Nick Andersen told reporters. \u201cThese devices are positioned at a network perimeter and are especially vulnerable to persistent cyber threat actors exploiting a novel or a new or known vulnerability. Once an edge device is exploited, threat actors can gain initial access to networks, move laterally, disrupt operations and exfiltrate sensitive data.\u201d<br \/>\nBODs are compulsory for civilian executive branch agencies. Andersen said CISA didn\u2019t issue the directive in response to \u201cany one incident or compromise,\u201d adding that it\u2019s \u201crecognition that unsupported devices just pose such a serious risk to federal systems.\u201d]]><\/p>\n<p>CISA has also developed an \u201cEOS Edge Device List\u201d to help agencies identify any unsupported devices. Andersen said the device would not be made public. Typically, edge devices include load balancers, firewalls, routers, switches, wireless access points, network security appliances and other components that route network traffic, according to a CISA factsheet.<br \/>\n\u201cThis list was developed specifically for the devices that are predominant in the federal government,\u201d Andersen said. \u201cIt\u2019s not really an apples to apples comparison to the devices that other government or private sector organizations may utilize. Network owners should reach out to the vendors of their specific network devices to best understand the support lifecycle for those devices.\u201d<br \/>\nWhile Andersen wouldn\u2019t comment on any specific threats to agency edge devices, CISA\u2019s Known Exploited Vulnerabilities catalog has featured multiple entries over the last year with warnings about \u201cend-of-life\u201d or \u201cend-of-service\u201d vulnerabilities, including a bug associated with unsupported D-Link routers in December.<br \/>\nA CISA-issued warning about a Chinese state-sponsored espionage campaign last September also included recommendations to upgrade any \u201cunsupported network devices.\u201d<br \/>\nNew deadlines<br \/>\nCISA\u2019s latest directive requires agencies to immediately update edge devices to vendor-supported software and firmware, wherever possible. That action is required in cases \u201cwhere such an update does not adversely impact mission critical functionality.\u201d<br \/>\nWithin three months, agencies are required to inventory any devices that are identified on CISA\u2019s end-of-service list.<br \/>\nWithin one year, CISA is requiring agencies to decommission any devices on CISA\u2019s list with an end-of-service date that falls within the next 12 months. During that 12-month period, agencies are also required to inventory all edge devices that are coming up on their end-of-service, regardless of whether the are on CISA\u2019s list.]]><\/p>\n<p>Andersen said the 12-month timeline is intended to give agencies time to complete a thorough inventory.<br \/>\n\u201cIn many cases, this may require investing in new devices, so we\u2019re encouraging all organizations to implement this guidance and the directive as soon as possible,\u201d Andersen said. \u201cBut providing for a 12-month timeline \u2026 that gives us an opportunity as well to look at this across multiple fiscal years across our across our federal government partners.\u201d<br \/>\nFinally, within 18 months, agencies will be required to decommission all end-of-service devices from their networks.<br \/>\nEnd-of-service devices no longer receive software updates or security mitigations, meaning they are more susceptible to \u201chigh-impact security incidents,\u201d according to guidance from the U.K. National Cyber Security Centre. Andersen said CISA collaborated with the NCSC and the FBI on the directive.<br \/>\nThe U.K. agency warns that without security patches, obsolete technology products are difficult to secure, though it acknowledges that not all organizations are able to fully migrate way from such products.<br \/>\n\u201cWhen a product is no longer supported by its developer, there are limits on the measures that will be effective in protecting against new threats,\u201d the NCSC guidance states. \u201cOver time, new vulnerabilities will be discovered that can be exploited by relatively low-skilled attackers.\u201d<br \/>\nAgencies have long struggled to keep pace with the private sector in modernizing their legacy IT systems. A Government Accountability Office review last year identified 11 legacy federal IT systems that were \u201cmost in need of modernization. GAO found four of the IT systems had unsupported hardware or software, while seven were operating with \u201cknown cybersecurity vulnerabilities.\u201d<br \/>\nAndersen said CISA coordinated with the White House Office of Management and Budget on the new directive. He said CISA would monitor compliance with the BOD and provide support to agencies where needed.<br \/>\n\u201cWe\u2019re looking forward to having a conversation around technical solutions to help make this easier, both for our federal family as well as those within the broader community with things like using open EOX, which is a standardized approach to sharing some of this end-of-life support information and optimizing the product life cycle oversight using it,\u201d Andersen said.]]><\/p>\n<p>\u00a0<br \/>\n                    Copyright<br \/>\n                            \u00a9\u00a02026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA tells agencies to identify, upgrade unsupported edge devices https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/02\/cisa-tells-agencies-to-identify-upgrade-unsupported-edge-devices\/ Publish Date: 2026-02-05 15:49:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":185364,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2019\/04\/Net_Neutrality_Vote_33297.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,29,27],"class_list":["post-185363","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185363"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=185363"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185363\/revisions"}],"predecessor-version":[{"id":185365,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185363\/revisions\/185365"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/185364"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=185363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=185363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=185363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}