Cybersecurity Directives

The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS) develops and oversees the implementation of “binding operational directives” and “emergency directives,” which require action on the part of certain federal agencies in the civilian executive branch.

Binding Operational Directives

• BOD 20-01 - Develop and Publish a Vulnerability Disclosure Policy (draft)
• BOD 19-02 - Vulnerability Remediation Requirements for Internet-Accessible Systems
• BOD 18-02 - Securing High Value Assets
• BOD 18-01 - Enhance Email and Web Security
• BOD 17-01 - Removal of Kaspersky-branded Products
• BOD 16-03 - 2016 Agency Cybersecurity Reporting Requirements
• BOD 16-02 - Threat to Network Infrastructure Devices
• BOD 16-01 - Securing High Value Assets (Revoked)
• BOD 15-01 - Critical Vulnerability Mitigation (Revoked)

Emergency Directives

• ED 19-01 - Mitigate DNS Infrastructure Tampering