CISA (Cybersecurity and Infrastructure Security Agency) recently released Binding Operational Directive 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks. This directive establishes compulsory baseline requirements for Federal Civilian Executive Branch (FCEB) agencies to identify assets and vulnerabilities on their networks and provide data to CISA at defined intervals. You can find the directive here, and I encourage you to read the full text as it's very approachable.
For starters, this is a compulsory direction to FCEB agencies with a deadline: April 3, 2023. This mandate is the next step in CISA's effort to gain visibility into the risks facing federal networks, risks brought into everyday conversation with the SolarWinds breach in 2020. The wording also points to CISA's seriousness: while it says the goal is to achieve outcomes without prescribing how to do so, it does clearly list four required actions.
For me, the most interesting aspect of this is its scope: all IP-addressable network assets. This includes operational technology (OT) assets as well as enterprise IT assets. All too often, policies and guidance are written for or tailored to the enterprise IT environment, and the OT networks that abound in federal agencies (SCADA, building management, physical security - see my earlier blog on this topic) and constitute critical infrastructure are overlooked. In this directive, CISA has elevated OT networks to the same level of importance as IT networks.
Cisco can be a trusted partner to FCEB agencies as they work to comply with this directive, both in the IT and OT environments. As the IT environment is familiar to most, I'm going to focus explicitly on the operational side of these agencies and point you to Cisco Cyber Vision, a lightweight, easy-to-use software solution specifically built to bring visibility into OT networks. Cyber Vision serves as the foundational tool as agencies embark on establishing a Zero Trust architecture in their OT environments and enable alignment and/or convergence of their IT and OT environments.
We offer a free evaluation of the production version of Cyber Vision and are happy to help you decide whether it's the right tool for your agency. Email me or your Cisco representative to learn more and schedule a 1:1 demo.