Hello, Guest.!

CISA Issues Remote Vulnerability & Patch Management Guide

1 min read

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a document to guide federal agencies when patching remote devices outside agency networks.

CISA said the Capacity Engagement Guide for Remote Vulnerability and Patch Management seeks to complement the interim Trusted Internet Connections 3.0 telework guidance released in April.

The document presents a scenario where a vulnerability and patch management tool is hosted in an agency-sanctioned cloud environment and enables remote devices to utilize split tunneling to access resources in the cloud.

“Agencies using this approach must ensure that remote device traffic destined for the cloud-based solution is properly constrained to sanctioned destinations and that roaming devices do not connect to unsanctioned resources, i.e., individual software applications are not allowed to directly access and download updates from vendor sites,” the guide reads.

CISA said the guide applies to software on managed end-user government-furnished equipment running on MacOS or Microsoft Windows operating systems and provides a checklist of requirements agencies should meet to facilitate the implementation of the cloud-based remote vulnerability and patch management tool.