CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and...

Description

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024.

The list of the directives now considered closed is as follows -

* ED 19-01: Mitigate DNS Infrastructure Tampering
* ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
* ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday
* ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
* ED 21-01: Mitigate SolarWinds Orion Code Compromise
* ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
* ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities
* ED 21-04: Mitigate Windows Print Spooler Service Vulnerability
* ED 22-03: Mitigate VMware Vulnerabilities
* ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

Cybersecurity

Stating that these directives were issued with an intent to safeguard Federal Civilian Executive Branch (FCEB) agencies potential risks, CISA said it worked closely with federal agencies to remediate them, incorporate best practices, and establish a more resilient digital infrastructure.

CISA also said such directives are published to ensure that emerging threats are mitigated in a timely manner, adding required actions have been either successfully implemented or are now enforced through Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities.

"As the operational lead for federal cybersecurity, CISA leverages its authorities to strengthen federal systems and defend against unacceptable risks, especially those related to hostile nation-state actors," said CISA Acting Director Madhu Gottumukkala. "The closure of these ten Emergency Directives reflects CISA's commitment to operational collaboration across the federal enterprise.

"Every day, CISA's exceptional team works collaboratively with partners to eliminate persistent access, counter emerging threats, and deliver real-time mitigation guidance. Looking ahead, CISA continues to advance Secure by Design principles – prioritizing transparency, configurability, and interoperability - so every organization can better defend their diverse environments."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Visit Original Source

Basic Information

ID THN:5E5ABC426110CD1D0BABA78AF06EF4CA

Published Jan 9, 2026 at 09:11

{
    "lastseen": "2026-01-09T09:15:05",
    "description": "![CISA Emergency Cybersecurity Directives](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024.\n\nThe list of the directives now considered closed is as follows -\n\n  * ED 19-01: Mitigate DNS Infrastructure Tampering\n  * ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday\n  * ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday\n  * ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday\n  * ED 21-01: Mitigate SolarWinds Orion Code Compromise\n  * ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities\n  * ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities\n  * ED 21-04: Mitigate Windows Print Spooler Service Vulnerability\n  * ED 22-03: Mitigate VMware Vulnerabilities\n  * ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System\n\n\n\n![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)\n\nStating that these directives were issued with an intent to safeguard Federal Civilian Executive Branch (FCEB) agencies potential risks, CISA said it worked closely with federal agencies to remediate them, incorporate best practices, and establish a more resilient digital infrastructure.\n\nCISA also said such directives are published to ensure that emerging threats are mitigated in a timely manner, adding required actions have been either successfully implemented or are now enforced through Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities.\n\n\"As the operational lead for federal cybersecurity, CISA leverages its authorities to strengthen federal systems and defend against unacceptable risks, especially those related to hostile nation-state actors,\" said CISA Acting Director Madhu Gottumukkala. \"The closure of these ten Emergency Directives reflects CISA's commitment to operational collaboration across the federal enterprise.\n\n\"Every day, CISA's exceptional team works collaboratively with partners to eliminate persistent access, counter emerging threats, and deliver real-time mitigation guidance. Looking ahead, CISA continues to advance Secure by Design principles \u2013 prioritizing transparency, configurability, and interoperability - so every organization can better defend their diverse environments.\"\n\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\n",
    "published": "2026-01-09T09:11:00",
    "modified": "2026-01-09T09:11:25",
    "type": "thn",
    "title": "CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024",
    "source": "",
    "references": "",
    "id": "THN:5E5ABC426110CD1D0BABA78AF06EF4CA",
    "bulletinFamily": "info",
    "cwe": null,
    "cvelist": [],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://thehackernews.com/2026/01/cisa-retires-10-emergency-cybersecurity.html",
    "category_name": "News",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024_THN:5E5ABC426110CD1D0BABA78AF06EF4CA

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply