{"id":210864,"date":"2026-02-05T14:48:00","date_gmt":"2026-02-05T19:48:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/05\/cisa-orders-agencies-to-patch-and-replace-end-of-life-devices-citing-active-exploitation\/"},"modified":"2026-02-07T01:05:14","modified_gmt":"2026-02-07T06:05:14","slug":"cisa-orders-agencies-to-patch-and-replace-end-of-life-devices-citing-active-exploitation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/05\/cisa-orders-agencies-to-patch-and-replace-end-of-life-devices-citing-active-exploitation\/","title":{"rendered":"CISA orders agencies to patch and replace end-of-life devices, citing active exploitation"},"content":{"rendered":"<p><a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2026\/02\/cisa-orders-agencies-patch-and-replace-end-life-devices-citing-active-exploitation\/411227\/\">CISA orders agencies to patch and replace end-of-life devices, citing active exploitation<\/a><\/p>\n<p><a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2026\/02\/cisa-orders-agencies-patch-and-replace-end-life-devices-citing-active-exploitation\/411227\/\">https:\/\/www.nextgov.com\/cybersecurity\/2026\/02\/cisa-orders-agencies-patch-and-replace-end-life-devices-citing-active-exploitation\/411227\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-05 14:48:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.nextgov.com\">www.nextgov.com<\/a><\/p>\n<p>The Cybersecurity and Infrastructure Security Agency said Thursday it detected widespread exploitation of unsupported, internet-facing devices by advanced hackers and ordered federal agencies to begin a monthslong process of removing and replacing that outdated equipment.<\/p>\n<p>The binding operational directive focuses on edge devices, many of which remain in service long after software vendors stop issuing security updates, increasing the risk of exploitation.<\/p>\n<p>\u201cThe imminent threat of exploitation to agency information systems running EOS edge devices is substantial and constant, resulting in a significant threat to federal property. CISA is aware of widespread exploitation campaigns by advanced threat actors targeting EOS edge devices,\u201d the directive says.<\/p>\n<p>On a call with reporters, Nick Andersen, executive assistant director for cybersecurity at CISA, said that some of the hackers have ties to nation state adversaries.\u00a0<\/p>\n<p>\u201cWe\u2019re encouraging other organizations to follow our lead and adopt similar actions to strengthen the security of their edge devices. Put simply, unsupported devices should never remain on enterprise networks,\u201d he said. The directive isn\u2019t a response to any one compromise, he added, though he declined to name specific incidents that motivated the directive\u2019s issuance.<\/p>\n<p>Legacy systems are a repeated, common avenue that government agencies continue to struggle to secure, making them attractive targets for advanced threat actors once security updates lapse. At any point in time, hackers may be targeting federal computer networks, which frequently house sensitive data tied to government operations, public services and national functions.<\/p>\n<p>The directive gives agencies three months to identify unsupported edge devices, a year to begin removing them and 18 months to eliminate them entirely, before requiring continuous monitoring to prevent outdated systems from returning to federal networks.<\/p>\n<p>Agencies must immediately update any vendor-supported edge&#8230;<\/p>\n<p><a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2026\/02\/cisa-orders-agencies-patch-and-replace-end-life-devices-citing-active-exploitation\/411227\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA orders agencies to patch and replace end-of-life devices, citing active exploitation https:\/\/www.nextgov.com\/cybersecurity\/2026\/02\/cisa-orders-agencies-patch-and-replace-end-life-devices-citing-active-exploitation\/411227\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":210865,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.nextgov.com\/media\/img\/cd\/2026\/02\/05\/020526endpointNG\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-210864","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210864"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=210864"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210864\/revisions"}],"predecessor-version":[{"id":210866,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210864\/revisions\/210866"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/210865"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=210864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=210864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=210864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}