Comply with CISA Binding Operational Directive (BOD) 23-01

Sepio’s Asset Risk Management Platform helps you to painlessly fulfill the BOD 23-01 requirements

CISA Binding Operational Directive 23-01

CISA Binding Operational Directive 23-01

The Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD) on October 3, 2022 that requires all Federal Civilian Executive Branch (FCEB) agencies to improve asset visibility and vulnerability detection on federal networks. This directive is an extension of the President’s Executive Order on Cybersecurity (14028). 
All FCEB agencies must take action and report to CISA by April 3, 2023.

Comply with CISA Binding Operational Directive

How can Sepio help you with the required controls?

By April 3, 2023, all FCEB agencies must deploy an updated CDM Dashboard configuration that enables access to object-level vulnerability enumeration data for CISA analysts. Agencies must demonstrate their ability to:

  • Perform automated asset discovery of all IP-addressable assets every 7 days
  • Initiate vulnerability enumeration every 14 days
  • Upload vulnerability results into the Continuous Diagnostics and Mitigation (CDM) Agency Dashboard within 72 hours
  • Initiate asset discovery and vulnerability on demand as required within 72 hours

Sepio’s Asset Risk Management platform fulfills all of the above controls in an easily deployed solution, at scale.
CISA leverages the CDM Program’s DEFEND A vehicle to procure Sepio.

asset discovery

Asset Discovery

Sepio’s trafficless Asset Discovery approach, sees all known, shadow and rogue assets, as soon as they are connected, wherever they are, whoever installed them, however they are or aren’t in use.

Based on the objective DNA profile for every asset at its physical layer source, untainted by profile perceptions or resource-draining behavior assumptions, providing a single pane of view into all assets within the scope of BOD 23-01.

vulnerability enumeration

Vulnerability Enumeration

Sepio’s internal OSINT based Vulnerability Enumeration module is boosted by it’s internal research team.  Every discovered asset is presented with its associated vulnerabilities.

Sepio continuously highlights gaps in organizations vulnerability scanning, easily identifying vulnerable assets as soon as the vulnerability signatures become available.

vulnerability reporting

Vulnerability Reporting

Sepio’s extensive reporting capabilities easily drive automation processes independently or through its detailed API.

Sepio can provides raw physical layer data through its recorded logs and events database alongside its machine learning based algorithm enhancing Vulnerability Reporting with Asset DNA information.

We would love to show you how Sepio’s solution works.

Sepio generates a physical layer asset DNA for every connected device, which is then analyzed by our ML-based algorithm resulting in a new visibility level and vulnerability detection never available before.

Learn more about Cybersecurity Asset Management

Hardware in Healthcare and Managing Cybersecurity Risks

Hardware in healthcare is associated with cybersecurity risks. These are crucial to mitigate for HDOs because cybersecurity can directly effect patient care. To reduce the risk of hardware-based attacks, HDOs need to gain full visibility into their assets.

Read more

Understanding Zero Trust Hardware Access: An Introduction to the Sepio Platform

This report explains hardware security for zero trust and illustrates the concept using the Sepio commercial solution.

Read more

Mission Possible – Printer Hacked

Did you think that this only happens in the movies? Think again.

Watch now