CISA Gets Serious About Visibility on Federal Networks – How U.S. Agencies Can Meet BOD 23-01

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive (BOD 23-01) that is designed to improve U.S. federal agencies’ ability to find vulnerabilities in their network for better prevention and response to cybersecurity incidents.

According to CISA, BOD 23-01 aims “to make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities.” And that progress will happen quickly. By April 3, 2023, federal agencies must begin performing automated asset discovery every seven days and identify and report suspected vulnerabilities on those assets every 14 days. Agencies must also automate the reporting of detected vulnerabilities to Continuous Diagnostics and Mitigation (CDM) dashboards within 72 hours of discovering the potential exploit. In this blog, we outline the details of BOD 23-01 and how Nozomi Networks solutions can help U.S. federal agencies meet the directive’s requirements.

What Is a Binding Operational Directive?

A binding operational directive (BOD) is a compulsory direction to federal executive branch departments and agencies to safeguard federal information and information systems. In this case, the directive focuses on asset discovery and vulnerability enumeration, both essential to improving operational visibility for a successful cybersecurity program.

Scope of BOD 23-01

BOD 23-01 applies to all agencies operating as a Federal Civilian Executive Branch (FCEB) agency such as the Department of Justice, the Department of Education, and the Department of Health and Human Services. It also applies to any entity acting on behalf of an FCEB agency that “collects, processes, stores, transmits, disseminates, or otherwise maintains agency information.”

BOD 23-01 applies to all IP-addressable networked assets that can be reached over IPv4 and IPv6 protocols. For the purpose of this directive, an IP-addressable networked asset is defined as any reportable (i.e., nonephemeral) information technology or operational technology asset that is assigned an IPv4 or IPv6 address and accessible over IPv4 or IPv6 networks, regardless of the environment it operates in.

By April 3, 2023, all FCEB agencies are required to take the following actions on all federal information systems in scope of this directive:

  1. Perform automated asset discovery every 7 days.
  2. Initiate vulnerability enumeration across all discovered assets, including all discovered nomadic/roaming devices (e.g., laptops), every 14 days.
  3. Initiate automated ingestion of vulnerability enumeration results (i.e., detected vulnerabilities) into the CDM Agency Dashboard within 72 hours of discovery completion.
  4. Develop and maintain the operational capability to initiate on-demand asset discovery and vulnerability enumeration to identify specific assets or subsets of vulnerabilities within 72 hours of receiving a request from CISA and provide the available results to CISA within 7 days of request.

How Nozomi Networks Solutions Can Help

| BOD 23-01 Required Action | How Nozomi Networks Meets It |
| --- | --- |
| a. Perform automated asset discovery every 7 days. | Nozomi Networks provides always-on continuous OT and IoT asset inventory that is always up-to-date. |
| b. Initiate vulnerability enumeration across all discovered assets, including all discovered nomadic/roaming devices (e.g., laptops), every 14 days. | Nozomi Networks provides always-on continuous OT and IoT vulnerability scanning that is always up-to-date. |
| c. Initiate automated ingestion of vulnerability enumeration results (i.e., detected vulnerabilities) into the CDM Agency Dashboard within 72 hours of discovery completion. | Nozomi Networks has an open API backend that can be used to provide relevant data for ingestion into the CDM Dashboard. |
| d. Develop and maintain the operational capability to initiate on-demand asset discovery and vulnerability enumeration to identify specific assets or subsets of vulnerabilities within 72 hours of receiving a request from CISA and provide the available results to CISA within 7 days of request. | Nozomi Networks provides always-on continuous asset inventory and vulnerability enumeration but also has an on-demand active smart polling capability. |

Most agencies have worked for years to understand their IT assets and vulnerabilities, but few have focused on OT and IoT asset and vulnerability discovery. BOD 23-01 makes it compulsory to understand all FCEB agency OT and IoT IP-addressable assets by April 2023, and Nozomi Networks has proven solutions to help.

Let’s Get Started

Nozomi Networks provides unparalleled OT & IT network visibility. We track vulnerabilities across all OT, IT and IoT devices. Our visibility and security solutions provide immediate value right out of the box—identifying all assets and protocols on the network, with fewer false alarms than comparable solutions. We deliver deeper insights with more inherent knowledge of devices, protocols and processes for pinpoint accuracy. Because our solutions are purpose-built for converged OT and IT environments, we are able to provide insights and actionable intelligence that are very pertinent to FCEB agencies. It’s also easier to add sites and devices for faster time to resiliency and a truly scalable solution for the largest organizations.

Request a demo to learn how Nozomi Networks can help you quickly gain an accurate, real-time view of the assets and vulnerabilities on your network. We can help you anticipate, diagnose and respond to cyber threats before they impact agency operations.