Modern environments have become more dynamic and the need for equally progressive asset discovery techniques has intensified. The new Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 23-01 recognizes this fact.
What is BOD 23-01?
While it is only binding for US federal civilian agencies, the directive emphasizes the foundational asset discovery and intelligence capabilities all organizations must possess to be prepared for modern threats. Without the critical insight these capabilities provide, the effectiveness of all other cybersecurity initiatives is hampered.
In this new directive, CISA recognizes that any cybersecurity initiative begins with a complete and accurate understanding of all the cyber assets you have, and the resulting attack surface they expose. In short, you must know what you’re trying to defend to defend it effectively.
BOD 23-01 calls on government agencies to execute comprehensive asset discovery scans at least every 7 days. They must also perform vulnerability enumeration across all discovered assets at least every 14 days. The scope of these scans is expansive, to include any IP connected device: a…
