The Cybersecurity and Infrastructure Safety Company (CISA) introduced a major milestone on January 8, 2026, by retiring ten Emergency Directives issued between 2019 and 2024.
This marks the best variety of Emergency Directives retired by the company concurrently, reflecting progress in federal cybersecurity efforts.
Emergency Directives are pressing orders issued by CISA to quickly tackle rising threats dealing with Federal Civilian Govt Department (FCEB) companies.
By closing these ten directives, CISA confirms that the required safety measures have been efficiently carried out throughout federal programs or are actually lined by current rules, such because the Binding Operational Directive (BOD) 22-01.
Why Directives Have been Closed
Seven directives associated to particular vulnerabilities have been retired as a result of these safety points are actually tracked in CISA’s Identified Exploited Vulnerabilities (KEV) catalog.
These embrace directives addressing Home windows vulnerabilities, Netlogon elevation-of-privilege points, and VMware safety issues.
Three further directives, together with these addressing the SolarWinds incident and Microsoft Trade vulnerabilities.
A current nation-state compromise of Microsoft e-mail programs was closed after CISA decided its goals had been achieved and practices had developed past its necessities.
CISA Performing Director Madhu Gottumukkala acknowledged that this closure demonstrates the company’s dedication to federal cybersecurity collaboration.
“Day-after-day, CISA’s group works with companions to eradicate persistent entry, counter threats, and ship real-time steering,” Gottumukkala famous.
The retired directives embrace important orders addressing tampering with DNS infrastructure, Home windows patch vulnerabilities from 2020, Pulse Join Safe threats, and Print Spooler service vulnerabilities.
Full Record of Retired Emergency Directives
Listed below are the now-closed directives, every a speedy response to high-stakes threats:
ED 19-01: Mitigate DNS Infrastructure Tampering
ED 20-02: Mitigate Home windows Vulnerabilities from January 2020 Patch Tuesday
ED 20-03: Mitigate Home windows DNS Server Vulnerability from July 2020 Patch Tuesday
ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
ED 21-01: Mitigate SolarWinds Orion Code Compromise
ED 21-02: Mitigate Microsoft Trade On-Premises Product Vulnerabilities
ED 21-03: Mitigate Pulse Join Safe Product Vulnerabilities
ED 21-04: Mitigate Home windows Print Spooler Service Vulnerability
ED 22-03: Mitigate VMware Vulnerabilities
ED 24-02: Mitigating the Important Danger from Nation-State Compromise of Microsoft Company E mail System
Relatively than counting on emergency directives, these protections are actually embedded in CISA’s ongoing safety applications.
The company continues advancing “Safe by Design” rules, highlighting transparency, configurability, and cross-system compatibility throughout federal infrastructure.
This consolidation permits CISA to streamline federal cybersecurity governance whereas sustaining safety towards important threats.
As cyber dangers evolve, CISA stays ready to concern new Emergency Directives when threats demand rapid motion.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.
