1. Forum
  2. Mailing Lists
  3. Cybersecurity & Infrastru

  • CISA Releases Binding Operational Directive 26-02 on Mitigating Risks from End-of-Support Edge Devices

    From CISA@cisa@messages.cisa.gov to cisa@toolazy.synchro.net on Thu Feb 5 20:03:39 2026
    --===============7964677308733940673==
    Content-Type: multipart/alternative; boundary="===============6462095378844558428=="
    MIME-Version: 1.0

    --===============6462095378844558428==
    Content-Type: text/plain; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: quoted-printable

    Cybersecurity and Infrastructure Security Agency (CISA)

    You are subscribed to Cybersecurity Advisories for Cybersecurity and Infras= tructure Security Agency. This information has recently been updated and is=
    now available.

    CISA Releases Binding Operational Directive 26-02 on Mitigating Risks from = End-of-Support Edge Devices [ https://www.cisa.gov/news-events/directives/b= od-26-02-mitigating-risk-end-support-edge-devices?utm_source=3DBOD26-02&utm= _medium=3DGovDelivery ] 02/05/2026 3:00 PM EST=20

    Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued B= inding Operational Directive 26-02: Mitigating Risk From End-of-Support Edg=
    e Devices [ https://www.cisa.gov/news-events/directives/bod-26-02-mitigatin= g-risk-end-support-edge-devices?utm_source=3DBOD26-02&utm_medium=3DGovDeliv= ery ]. This directive requires federal agencies to identify edge device har= dware and software that is approaching or has reached end-of-support (EOS),=
    and to take immediate action to address unsupported devices operating on f= ederal networks.

    *Key Actions:*


    * Update vendor supported edge devices running EOS software=20
    * Inventory all devices that are EOS or will become EOS within the next 1=
    2 months=20
    * Remove EOS devices from networks and replace them with vendor-supported=
    devices that receive security updates=20
    * Establish a process for continuous discovery of edge devices and regula= rly update your edge device inventory=20

    For detailed guidance, see Binding Operational Directive 26-02 [ https://ww= w.cisa.gov/news-events/directives/bod-26-02-mitigating-risk-end-support-edg= e-devices?utm_source=3DBOD26-02&utm_medium=3DGovDelivery ].

    *Additional Resource:*

    CISA, in collaboration with the Federal Bureau of Investigation and the UK= =E2=80=99s National Cyber Security Centre, also released a fact sheet, Redu= cing the Attack Surface for End-of-Support Edge Devices [ https://www.cisa.= gov/resources-tools/resources/reducing-attack-surface-end-support-edge-devi= ces?utm_source=3DEdgeDeviceAttackSurface&utm_medium=3DGovDelivery ], sharin=
    g best practices for all organizations. The fact sheet includes examples of=
    edge device exploitation by nation-state threat actors and mitigation guid= ance based on the actions required for federal agencies in BOD 26-02. For m= ore information, read the fact sheet [ https://www.cisa.gov/resources-tools= /resources/reducing-attack-surface-end-support-edge-devices?utm_source=3DEd= geDeviceAttackSurface&utm_medium=3DGovDelivery ].

    As the nation=E2=80=99s cyber defense agency, CISA strongly urges all organ= izations to implement edge security best practices and mitigations as a mat= ter of national security.

    For more information on CISA's edge device security efforts, please visit: = Edge Device Security | CISA [ https://www.cisa.gov/topics/cybersecurity-bes= t-practices/edge-device-security ].

    Please share your thoughts with us through this this anonymous survey [ htt= ps://cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?Source=3DGov= DeliveryEdgeDeviceAttackSurface ]. We appreciate your feedback!

    This product is provided subject to this=C2=A0Notification [ https://www.ci= sa.gov/notification ]=C2=A0and this=C2=A0Privacy & Use [ https://www.cisa.g= ov/privacy-policy ]=C2=A0policy.

    body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight=
    : normal; font-style: normal; color: #333333; }=20

    Having trouble viewing this message?=C2=A0View it as a webpage [ https://co= ntent.govdelivery.com/accounts/USDHSCISA/bulletins/407f8f2 ].=C2=A0 [ https= ://content.govdelivery.com/accounts/USDHS/bulletins/292141e ]

    You are subscribed to updates from the Cybersecurity and Infrastructure Sec= urity Agency [ https://www.cisa.gov ] (CISA)
    Manage Subscriptions [ https://public.govdelivery.com/accounts/USDHSCISA/su= bscriber/edit?preferences=3Dtrue#tab1 ]=C2=A0=C2=A0|=C2=A0=C2=A0Privacy Pol= icy [ https://www.cisa.gov/privacy-policy ]=C2=A0=C2=A0|=C2=A0 Help [ https= ://subscriberhelp.granicus.com/s/article/Subscriber-Help-Center ] [ https:/= /insights.govdelivery.com/Communications/Subscriber_Help_Center ]

    Connect with CISA:=20
    Facebook [ https://www.facebook.com/CISA ]=C2=A0 |=C2=A0 Twitter [ https://= twitter.com/CISAgov ]=C2=A0 |=C2=A0 Instagram [ https://Instagram.com/cisag=
    ov ]=C2=A0 |=C2=A0 LinkedIn [ https://www.linkedin.com/company/cybersecurit= y-and-infrastructure-security-agency ]=C2=A0 |=C2=A0=C2=A0 YouTube [ https:= //www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A ]

    ________________________________________________________________________

    This email was sent to cisa@toolazy.synchro.net using GovDelivery Communica= tions Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency=
    =C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202 GovDelivery logo [ = https://subscriberhelp.granicus.com/ ]=20
    body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margi= n-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_displa=
    y img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; ma= rgin-right:0px;}

    --===============6462095378844558428==
    Content-Type: text/html; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: quoted-printable

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns=3D"http://www.w3.org/1999/xhtml" xml:lang=3D"en" lang=3D"en"> <head>
    <title> CISA Releases Binding Operational Directive 26-02 on Mitigating = Risks from End-of-Support Edge Devices
    </title>


    </head>
    <body style=3D"">

    <table width=3D"700" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"=
    align=3D"center">
    <tr>
    <td>

    <!--[if (gte mso 9)|(IE)]>
    <table style=3D"display:none"><tr><td><a name=3D"gd_top" id=3D"gd_top"></= a></td></tr></table>
    <![endif]-->
    <a name=3D"gd_top" id=3D"gd_top"></a>

    =20



    <p><img src=3D"https://content.govdelivery.com/attachments/fancy_images/U= SDHSCISA/2020/06/3486054/05152023-gov-delivery-banner-copy_original.png" al= t=3D"Cybersecurity and Infrastructure Security Agency (CISA)" title=3D"" wi= dth=3D"600" height=3D"100"></p>
    <p>You are subscribed to Cybersecurity Advisories for Cybersecurity and I= nfrastructure Security Agency. This information has recently been updated a=
    nd is now available.</p>
    <div class=3D"rss_item" style=3D"margin-bottom: 2em;">
    <div class=3D"rss_title" style=3D"font-weight: bold; font-size: 120%; margi=
    n: 0 0 0.3em; padding: 0;"><a href=3D"https://www.cisa.gov/news-events/dire= ctives/bod-26-02-mitigating-risk-end-support-edge-devices?utm_source=3DBOD2= 6-02&utm_medium=3DGovDelivery" target=3D"_blank" title=3D"CISA Releases Bin= ding Operational Directive 26-02 on Mitigating Risks from End-of-Support Ed=
    ge Devices" rel=3D"noopener">CISA Releases Binding Operational Directive 26= -02 on Mitigating Risks from End-of-Support Edge Devices</a></div>
    <div class=3D"rss_pub_date" style=3D"font-size: 90%; font-style: italic; co= lor: #666666; margin: 0 0 0.3em; padding: 0;">02/05/2026 3:00 PM EST</div>
    <div class=3D"l-page-section l-page-section--rich-text csaf-imported">
    <div class=3D"l-constrain">
    <div class=3D"l-page-section__content">
    <p>Today, the Cybersecurity and Infrastructure Security Agency (CISA) issue=
    d <a href=3D"https://www.cisa.gov/news-events/directives/bod-26-02-mitigati= ng-risk-end-support-edge-devices?utm_source=3DBOD26-02&utm_medium=3DGovDeli= very" target=3D"_blank" title=3D"Binding Operational Directive 26-02: Mitig= ating Risk From End-of-Support Edge Devices" rel=3D"noopener">Binding Opera= tional Directive 26-02: Mitigating Risk From End-of-Support Edge Devices</a=
    . This directive requires federal agencies to identify edge device hardwar=
    e and software that is approaching or has reached end-of-support (EOS), and=
    to take immediate action to address unsupported devices operating on feder=
    al networks.</p>
    <p><strong>Key Actions:</strong></p>

    <li>Update vendor supported edge devices running EOS software</li> <li>Inventory all devices that are EOS or will become EOS within the next 1=
    2 months</li>
    <li>Remove EOS devices from networks and replace them with vendor-supported=
    devices that receive security updates</li>
    <li>Establish a process for continuous discovery of edge devices and regula= rly update your edge device inventory</li>
    </ul>
    <p>For detailed guidance, see <a href=3D"https://www.cisa.gov/news-events/d= irectives/bod-26-02-mitigating-risk-end-support-edge-devices?utm_source=3DB= OD26-02&utm_medium=3DGovDelivery" target=3D"_blank" title=3D"Binding Operat= ional Directive 26-02" rel=3D"noopener">Binding Operational Directive 26-02= </a>.</p>
    <p><strong>Additional Resource:</strong></p>
    <p>CISA, in collaboration with the Federal Bureau of Investigation and the = UK=E2=80=99s National Cyber Security Centre, also released a fact sheet, <a=
    href=3D"https://www.cisa.gov/resources-tools/resources/reducing-attack-sur= face-end-support-edge-devices?utm_source=3DEdgeDeviceAttackSurface&utm_medi= um=3DGovDelivery" target=3D"_blank" title=3D"Reducing the Attack Surface fo=
    r End-of-Support Edge Devices" rel=3D"noopener">Reducing the Attack Surface=
    for End-of-Support Edge Devices</a>, sharing best practices for all organi= zations. The fact sheet includes examples of edge device exploitation by na= tion-state threat actors and mitigation guidance based on the actions requi= red for federal agencies in BOD 26-02. For more information, read the <a hr= ef=3D"https://www.cisa.gov/resources-tools/resources/reducing-attack-surfac= e-end-support-edge-devices?utm_source=3DEdgeDeviceAttackSurface&utm_medium= =3DGovDelivery" target=3D"_blank" title=3D"fact sheet" rel=3D"noopener">fac=
    t sheet</a>.</p>
    <p>As the nation=E2=80=99s cyber defense agency, CISA strongly urges all or= ganizations to implement edge security best practices and mitigations as a = matter of national security.</p>
    <p>For more information on CISA's edge device security efforts, please visi=
    t: <a href=3D"https://www.cisa.gov/topics/cybersecurity-best-practices/edge= -device-security" target=3D"_blank" title=3D"Edge Device Security | CISA" r= el=3D"noopener">Edge Device Security | CISA</a>.</p>
    <p>Please share your thoughts with us through this this <a href=3D"https://= cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?Source=3DGovDeliv= eryEdgeDeviceAttackSurface" target=3D"_blank" title=3D"anonymous survey" re= l=3D"noopener">anonymous survey</a>. We appreciate your feedback!</p>
    </div>
    </div>
    </div>
    <div class=3D"l-constrain l-page-section--rich-text">
    <div class=3D"l-page-section__content">
    <div class=3D"c-field c-field--name-body c-field--type-text-with-summary c-= field--label-hidden">
    <div class=3D"c-field__content">
    <p>This product is provided subject to this=C2=A0<a href=3D"https://www.cis= a.gov/notification" target=3D"_blank" title=3D"Follow link" rel=3D"noopener= ">Notification</a>=C2=A0and this=C2=A0<a href=3D"https://www.cisa.gov/priva= cy-policy" target=3D"_blank" title=3D"Follow link" rel=3D"noopener">Privacy=
    &amp; Use</a>=C2=A0policy.</p>
    </div>
    </div>
    </div>
    </div>
    </div>
    <style>body {
    font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: norma=
    l; font-style: normal; color: #333333;
    }
    </style>
    =20


    <div id=3D"mail_footer">
    <p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; colo=
    r: #757575;">Having trouble viewing this message?=C2=A0</span><a href=3D"ht= tps://content.govdelivery.com/accounts/USDHSCISA/bulletins/407f8f2" target= =3D"_blank" rel=3D"noopener">View it as a webpage</a>.=C2=A0<a href=3D"http= s://content.govdelivery.com/accounts/USDHS/bulletins/292141e" target=3D"_bl= ank" rel=3D"noopener"></a><span style=3D"font-size: 10.0pt; color: #757575;= "></span></p>
    <p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; color: #= 757575;">You are subscribed to updates from the </span><a href=3D"https://w= ww.cisa.gov"><span style=3D"font-size: 10.0pt;">Cybersecurity and Infrastru= cture Security Agency</span></a><span style=3D"font-size: 10.0pt; color: #7= 57575;"> (CISA)<br></span><a href=3D"https://public.govdelivery.com/account= s/USDHSCISA/subscriber/edit?preferences=3Dtrue#tab1" target=3D"_blank" rel= =3D"noopener"><span style=3D"font-size: 10.0pt; color: #00568c;">Manage Sub= scriptions</span></a>=C2=A0=C2=A0<span style=3D"font-size: 10.0pt; color: #= 757575;">|=C2=A0=C2=A0</span><a href=3D"https://www.cisa.gov/privacy-policy=
    " target=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; colo=
    r: #00568c;">Privacy Policy</span></a><span style=3D"font-size: 10.0pt; col= or: #757575;">=C2=A0=C2=A0|=C2=A0 <a href=3D"https://subscriberhelp.granicu= s.com/s/article/Subscriber-Help-Center" target=3D"_blank" rel=3D"noopener">= Help</a><a href=3D"https://insights.govdelivery.com/Communications/Subscrib= er_Help_Center" target=3D"_blank" rel=3D"noopener"></a></span><span style= =3D"font-size: 10.0pt; color: #757575;"></span></p>
    <p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; color: #= 757575;">Connect with CISA: <br></span><a href=3D"https://www.facebook.com/= CISA" target=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; = color: #00568c;">Facebook</span></a><span style=3D"font-size: 10.0pt; color=
    : #757575;">=C2=A0 |=C2=A0 </span><a href=3D"https://twitter.com/CISAgov" t= arget=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; color: = #00568c;">Twitter</span></a><span style=3D"font-size: 10.0pt; color: #75757= 5;">=C2=A0 |=C2=A0 </span><a href=3D"https://Instagram.com/cisagov" target= =3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; color: #0056= 8c;">Instagram</span></a><span style=3D"font-size: 10.0pt; color: #757575;"= >=C2=A0 |=C2=A0 </span><a href=3D"https://www.linkedin.com/company/cybersec= urity-and-infrastructure-security-agency" target=3D"_blank" rel=3D"noopener= "><span style=3D"font-size: 10.0pt; color: #00568c;">LinkedIn</span></a><sp=
    an style=3D"font-size: 10.0pt; color: #757575;">=C2=A0 |=C2=A0=C2=A0 </span= ><a href=3D"https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A" targe= t=3D"_self"><span style=3D"font-size: 10.0pt; color: #00568c;">YouTube</spa= n></a><span style=3D"font-size: 10.0pt; color: #757575;"></span></p>

    </div>
    <div id=3D"tagline">
    <hr>
    <table style=3D"width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D=

    <tbody>

    <td style=3D"color: #757575; font-size: 10px; font-family: Arial;" width=3D= "89%">This email was sent to cisa@toolazy.synchro.net using GovDelivery Com= munications Cloud, on behalf of: Cybersecurity and Infrastructure Security = Agency =C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202</td>
    <td align=3D"right" width=3D"11%"><a href=3D"https://subscriberhelp.granicu= s.com/" target=3D"_blank" rel=3D"noopener"><img src=3D"https://content.govd= elivery.com/images/govd-logo-dark.png" border=3D"0" alt=3D"GovDelivery logo=
    " width=3D"115"></a></td>
    </tr>
    </tbody>
    </table>
    <style type=3D"text/css">body .abe-column-block { min-height: 5px; } table.= gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_ta= ble div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell=
    img {margin-left:0px; margin-right:0px;}</style>

    </div>
    </td>
    </tr>
    </table>

    <img alt=3D"" src=3D"https://links-2.govdelivery.com/CI0/0101019c2f673895-c= bf2d245-60c7-4c89-b389-3fcf00a5679e-000000/G2uxNSIRJIchIUztadK0n3_7_TkLsqE3= mRVJ6mVRMWw=3D443" style=3D"display: none; width: 1px; height: 1px;">
    </body>
    </html>

    --===============6462095378844558428==--

    --===============7964677308733940673==--