CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over

The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog.

The US cybersecurity agency CISA on Thursday announced closing 10 Emergency Directives issued between 2019 and 2024.

The retired directives, CISA says, have achieved their mission to mitigate urgent and imminent risks to federal agencies.

“Since their issuance, CISA has partnered closely with federal agencies to drive remediation, embed best practices and overcome systemic challenges – establishing a stronger, more resilient digital infrastructure for a more secure America,” the agency notes.

For three of the closed CISA Emergency Directives, namely ‘ED 19-01: Mitigate DNS Infrastructure Tampering’, ‘ED 21-01: Mitigate SolarWinds Orion Code Compromise’, and ‘ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System’, objectives have been achieved, rendering the directives obsolete, CISA says.

The remaining seven directives, namely ED 20-02, ED 20-03, ED 20-04, ED 21-02, ED 21-03, ED ...