Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA end-of-support edge device decommissioning mandate (BOD 26-02)

Advisory/Mitigation
First reported
Last updated
Happening score
H score 49
1 unique sources, 1 articles

Summary

Hide ▲

CISA's BOD 26-02 now forces U.S. federal agencies to inventory, decommission, and replace end-of-support edge devices that no longer receive security updates. The directive covers routers, firewalls, and network switches, which CISA says are exposed to newly discovered, unpatched vulnerabilities and ongoing exploitation. Deadlines begin with a three-month inventory and extend through 12-, 18-, and 24-month remediation milestones.

Related Happenings

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Open Happening

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Open Happening

CISA releases CI Fortify guidance for critical infrastructure resilience

Public Sector Action
First: 05.05.2026 15:00 Last: 05.05.2026 15:00 Sources 1

About this happening: CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...

Latest development: 06.05.2026 16:15

CISA launched CI Fortify on Tuesday as a planning framework for critical infrastructure operators in water, energy, transportation and communications to prepare for cyber disruption by disconnecting OT systems from third-party and business networks, maintaining essential services in degraded communications conditions, and recovering compromised systems through backups, component replacement, or a transition to manual operations.

Open Happening

CISA-led zero-trust guide for OT environments

Public Sector Action
First: 30.04.2026 17:00 Last: 30.04.2026 17:00 Sources 1

About this happening: US government agencies led by **CISA** released **Adapting Zero Trust Principles to Operational Technology**, giving **OT operators** a framework to improve **critical infrastruct...

Open Happening

CISA joint Zero Trust OT guide

Public Sector Action
First: 29.04.2026 15:00 Last: 29.04.2026 15:00 Sources 1

About this happening: CISA and U.S. partners **published** a joint guide to help **OT owners and operators** apply **Zero Trust** to **operational technology environments**, giving government and infra...

Open Happening

Timeline

  1. 06.02.2026 10:41 1 articles · 3mo ago

    CISA issues BOD 26-02 for end-of-support edge devices

    Legal Policy Action Update

    CISA issued Binding Operational Directive 26-02 on 2026-02-06, requiring U.S. federal agencies to identify, inventory, decommission, and replace end-of-support network edge devices such as routers, firewalls, and network switches. The directive warns that EOS edge devices are being targeted in widespread exploitation campaigns by advanced threat actors, that newly discovered unpatched vulnerabilities expose federal systems to disproportionate and unacceptable risks, and that agencies must move unsupported hardware and software to vendor-supported equipment with current security updates on the stated deadlines.

    Show sources
    Open in new tab