CISA pushes Federal agencies to retire end-of-support edge devices
CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]
Pierluigi Paganini
February 07, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must identify and replace devices that no longer receive security updates from manufacturers within the next 12 to 18 months to reduce cyber risks and improve infrastructure security.
Related breach coverage
- Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws2026-02-25
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning of a “cyber threat actor’s ongoing exploitation of Cisco SD-WAN systems,” describing the activity as presenting a significant risk to federal civilian executive branch networks.
- Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns2025-11-12
Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an active hacking campaign, the Cybersecurity and Infrastructure Security Agency warned.
- CISA shortens patch deadline for critical Ivanti, SolarWinds bugs2026-03-10
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical vulnerability impacting the popular SolarWinds Web Help Desk.
- CISA retires 10 emergency cyber orders in rare bulk closure2026-01-09
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. [...]