Comply with CISA Binding Operational Directive (BOD) 23-01

Sepio’s Asset Risk Management Platform helps you to painlessly fulfill the BOD 23-01 requirements

CISA Binding Operational Directive (BOD) 23-01

The Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD) on October 3, 2022 that requires all Federal Civilian Executive Branch (FCEB) agencies to improve asset visibility and vulnerability detection on federal networks. This directive is an extension of the President’s Executive Order on Cybersecurity (14028). 
All FCEB agencies must take action and report to CISA by April 3, 2023.

How can Sepio help you with the required CISA BOD 23-01 controls?

By April 3, 2023, all FCEB agencies must deploy an updated continuous diagnostics and mitigation (CDM) Dashboard configuration that enables access to object-level vulnerability enumeration data for CISA analysts. Agencies must demonstrate their ability to:

  • Perform automated asset discovery of all IP-addressable assets every 7 days
  • Initiate vulnerability enumeration every 14 days
  • Upload vulnerability results into the Continuous Diagnostics and Mitigation (CDM) Agency Dashboard within 72 hours
  • Initiate asset discovery and vulnerability enumeration on demand, as required, within 72 hours

Sepio’s Asset Risk Management platform fulfills all of the above controls in an easily deployed solution, at scale.
CISA leverages the CDM Program’s DEFEND A vehicle to procure Sepio.

Asset Discovery

Sepio’s trafficless Asset Discovery approach sees all known, shadow and rogue assets as soon as they are connected, wherever they are, whoever installed them, and however they are, or aren’t, in use.

The approach is based on the objective DNA profile for every asset at its physical layer source, untainted by profile perceptions or resource-draining behavior assumptions, and provides a single-pane view into all assets within the scope of BOD 23-01.

Vulnerability Enumeration

Sepio’s internal OSINT-based Vulnerability Enumeration module is boosted by its internal research team. Every discovered asset is presented with its associated vulnerabilities.

Sepio continuously highlights gaps in organizations’ vulnerability scanning, easily identifying vulnerable assets as soon as the vulnerability signatures become available.

Vulnerability Reporting

Sepio’s extensive reporting capabilities easily drive automation processes independently or through its detailed API.

Sepio can provide raw physical layer data through its recorded logs and events database, alongside its machine learning-based algorithm, enhancing Vulnerability Reporting with Asset DNA information.

We would love to show you how Sepio's solution works.

Sepio’s platform generates a physical layer asset DNA for every connected device, which is then analyzed by our ML-based algorithm resulting in a new visibility level and vulnerability detection never available before.