The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a Binding Operational Directive (BOD 23-01), aimed at enhancing visibility into agency assets and associated vulnerabilities. Starting the 3rd of April 2023, federal agencies must take action in accordance with the directive, which outlines requirements to identify and inventory assets and vulnerabilities on federal networks. The binding directive is primarily focused on two core areas critical to improving visibility for a comprehensive cybersecurity program:
- Asset Discovery
- Vulnerability Enumeration
As of November 15th, 2022, Sepio has been awarded a contract to provide its Asset Risk Management (ARM) solution to the Cybersecurity and Infrastructure Security Agency (CISA). By working with CISA, Sepio will bring continuous and comprehensive asset and risk visibility to various agencies, equipping them with the capabilities to identify all assets and vulnerabilities on their networks.
Sepio’s Asset Risk Management – Efficiency and Security
Sepio’s Asset Risk Management (ARM) platform sees, assesses, and mitigates all known and shadow assets at any scale, as fast as they are added by anyone, anywhere. Using its patented technology that leverages physical layer data, Sepio provides federal agencies with a new dimension of actionable asset visibility that helps meet CISA’s operational directives in the following ways:
- Continuously discover all known and shadow assets, regardless of functionality and operability, with agnostic visibility.
- Eliminate network dependencies and avoid data swamps that require extensive analytics thanks to the solution’s trafficless approach.
- Generate a contextual Asset Risk Factor score for every asset by analyzing its true identity based on physical layer data.
- Provide detailed vulnerability data with Sepio’s knowledgebase repository – comprised of OSINT and proprietary research – which includes known-to-be-vulnerable devices.