CISA sunsets 10 emergency directives thanks to evolution of exploited vulnerabilities catalog
The U.S. cybersecurity agency CISA has retired 10 emergency directives because they were either implemented successfully or superseded by the Known Exploited Vulnerabilities catalog. The directives cover security vulnerabilities in technology products from Microsoft, VMware and others, and reflect CISA's commitment to collaboration across federal agencies.

2026-1-8 22:16:12 Author: therecord.media

Ten emergency directives issued by the U.S.’s top cybersecurity agency have been retired after officials determined they were redundant thanks in part to a widely used catalog of exploited vulnerabilities. 

The Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday that the 10 directives being retired were issued between 2019 and 2024, spanning both the Trump and Biden administrations. 

The agency typically issues emergency directives to force federal civilian agencies to patch specific vulnerabilities or stop some activity being exploited by threat actors. 

CISA said it was taking the step after working with “federal agencies to drive remediation, embed best practices and overcome systemic challenges.” The directives achieved their mission to mitigate urgent and imminent risks to Federal Civilian Executive Branch (FCEB) agencies, according to CISA.

CISA Acting Director Madhu Gottumukkala explained that the agency typically leverages its authority in situations with “unacceptable risks, especially those related to hostile nation-state actors.”

“The closure of these ten Emergency Directives reflects CISA’s commitment to operational collaboration across the federal enterprise.”

CISA conducted a review of all active emergency directives and determined that these 10 were either implemented successfully or were addressed by specific vulnerabilities being added to the Known Exploited Vulnerabilities catalog.

The catalog, known colloquially as the KEV, typically sets a three-week deadline for federal civilian agencies to patch bugs that CISA knows have been exploited by threat actors. In recent months, CISA has set shorter timelines for some severe vulnerabilities added to the KEV, including one that needed to be patched within 24 hours.

The directives being retired because they relate to bugs now in the KEV include Microsoft vulnerabilities CVE-2020-0601, CVE-2020-1350, CVE-2020-1472, CVE-2021-26855, CVE-2021-34527, and CVE-2021-22893. There is also a directive on a bug affecting VMware products being retired. 

For three other emergency directives, CISA “determined that their objectives were achieved, requirements no longer align with the current risk posture, and changes in practices have rendered the directives obsolete.”

The emergency directives are now tagged as “closed” on CISA’s website. The last two emergency directives issued by CISA concerned vulnerabilities affecting products from F5 and Cisco.

Article source: https://therecord.media/cisa-sunsets-10-emergency-directives