CISA retires ten Emergency Directives for FCEB agencies
Public Sector Action
Summary
Hide ▲
Show ▼
CISA retired ten Emergency Directives, ending a major set of federal cybersecurity remediation requirements for Federal Civilian Executive Branch (FCEB) agencies. The agency said the directives were either fully implemented or now covered by BOD 22-01 and the KEV catalog. CISA said the retirement is the highest number it has closed at one time, marking a notable federal cybersecurity milestone.
Related Happenings
CISA BOD 26-04 three-day remediation directive
Public Sector Action
H score36
First: 24.06.2026 17:35
Last: 24.06.2026 17:35
Sources 1
About this happening:
CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
CISA BOD 26-04 three-day remediation directive
Public Sector ActionAbout this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
Trump executive order sets federal PQC migration deadlines
Public Sector Action
H score23
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
Trump executive order sets federal PQC migration deadlines
Public Sector ActionAbout this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector Action
H score36
First: 12.06.2026 11:26
Last: 12.06.2026 11:26
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA BOD 26-04 remediation requirements
Advisory/Mitigation
H score31
First: 11.06.2026 15:46
Last: 11.06.2026 15:46
Sources 1
About this happening:
CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 remediation requirements
Advisory/MitigationAbout this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector Action
H score27
First: 10.06.2026 15:00
Last: 10.06.2026 15:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
Timeline
-
08.01.2026 14:00 3 articles · 6mo ago
CISA retires ten FCEB Emergency Directives
Legal Policy Action UpdateCISA retired ten Emergency Directives affecting Federal Civilian Executive Branch (FCEB) agencies after determining the required actions had been implemented or were now covered by Binding Operational Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog. The closed directives included ED 19-01, ED 20-02, ED 20-03, ED 20-04, ED 21-01, ED 21-02, ED 21-03, ED 21-04, ED 22-03, and ED 24-02, spanning remediation guidance for Windows, SolarWinds Orion, Microsoft Exchange On-Premises, Pulse Connect Secure, VMware, and the Microsoft Corporate Email System.
Show sources
- CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity — www.cisa.gov — 08.01.2026 14:00
- CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024 — thehackernews.com — 09.01.2026 11:11
- CISA Closes Ten Emergency Directives After Federal Cyber Reviews — www.infosecurity-magazine.com — 12.01.2026 18:45