CISA Still Helping Federal Agencies Remediate Log4j Vulnerability – MeriTalk


The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that it is continuing to assist federal agencies in remediating the Log4j vulnerability that CISA highlighted in December.

A spokesperson for the agency issued a clarifying statement to MeriTalk making it clear that some large agencies were still in the process of fully addressing the vulnerability and were prioritizing assets that accept data from the internet, which were at the center of CISA’s recent emergency directive. A statement from CISA earlier this week said agencies had remedied thousands of those assets within days of the directive being issued.

“CISA has received status reports from all major agencies, which have made significant progress in remediating or deploying other mitigation measures to address vulnerable asset risk, including already mitigating thousands of internet-connected assets, at the center of the recent emergency directive,” a spokesperson said.

“CISA continues to work with each agency to further advance the restoration of all at-risk assets,” the spokesperson said.

The widespread use of the Java library containing the vulnerability worries the agency. After initially urging swift action on December 11, CISA raised the urgency factor on Dec. 17 by issuing an emergency directive to agencies focused on Internet-connected assets and requiring remedial action or specific mitigations for products that do not yet have patches available.

Once the vulnerability was added to CISA’s catalog of vulnerabilities, as part of its latest binding operational directive, agencies had two weeks to address the vulnerability. The agency’s statement today clarified that some agencies are still focused on dealing with vulnerable assets, especially those for which patches are not yet available.

