10 emergency directives retired as CISA declares them redundant

1. Pro
2. Security

10 emergency directives retired as CISA declares them redundant News By Sead Fadilpašić published 9 January 2026

The directives served their purpose

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Thapana Onphalai via Getty Images) Share Share by:

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google

• CISA retired ten Emergency Directives, citing successful implementation or redundancy under BOD 22-01
• BOD 22-01 mandates agencies patch known exploited vulnerabilities (KEVs) within strict deadlines
• This marks the largest simultaneous ED retirement, reinforcing CISA’s Secure by Design principles

The US Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives (ED) it issued between 2019 and 2024, saying they achieved their purpose and are no longer needed.

In a short announcement published on its website, CISA said the EDs have either been successfully implemented or are now encompassed through Binding Operational Directive (BOD) 22-01, making them redundant.

“When the threat landscape demands it, CISA mandates swift, decisive action by Federal Civilian Executive Branch (FCEB) agencies and continues to issue directives as needed to drive timely cyber risk reduction across federal enterprise,” said CISA Acting Director Madhu Gottumukkala.

You may like

• CISA staff fired in a fresh cuts for Trump's administration - some forcibly reassigned to ICE
• CISA warns exploited Cisco flaws are a serious risk, so patch now
• US Government orders patching of critical Windows Server security issue

Secure by Design principles

BOD 22-1: Reducing the Significant Risk of Known Exploited Vulnerabilities is a compulsory federal cybersecurity directive first issued on November 3, 2021. It requires Federal Civilian Executive Branch Agencies (FCEB) to focus their vulnerability-management efforts on a curated list of known exploited vulnerabilities (KEVs) that pose significant risk. The directive establishes a CISA-managed catalog of these actively exploited flaws and sets strict deadlines for remediation, compelling agencies to patch or otherwise mitigate them within specified timeframes.

This binding directive has thus retired the following Emergency Directives:

ED 19-01: Mitigate DNS Infrastructure Tampering     

ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday   

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday 

ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday  

ED 21-01: Mitigate SolarWinds Orion Code Compromise   

You may like

• CISA staff fired in a fresh cuts for Trump's administration - some forcibly reassigned to ICE
• CISA warns exploited Cisco flaws are a serious risk, so patch now
• US Government orders patching of critical Windows Server security issue

ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities  

ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities 

ED 21-04: Mitigate Windows Print Spooler Service Vulnerability 

ED 22-03: Mitigate VMware Vulnerabilities  

ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System 

CISA also said that this is the highest number of EDs retired at one time.

“The closure of these ten Emergency Directives reflects CISA’s commitment to operational collaboration across the federal enterprise. Looking ahead, CISA continues to advance Secure by Design principles – prioritizing transparency, configurability, and interoperability - so every organization can better defend their diverse environments,” Gottumukkala explains. 

Via BleepingComputer

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Show More Comments

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more CISA staff fired in a fresh cuts for Trump's administration - some forcibly reassigned to ICE    CISA warns exploited Cisco flaws are a serious risk, so patch now    US Government orders patching of critical Windows Server security issue    'Significant' threat to US networks after hackers stole F5 source code, CISA warns    CISA warns Motex Landscope Endpoint Manager has a worrying security flaw, so patch now    Congressional stopgap deal secures critical CISA Act and FCEA funding amid longest ever US government shutdown – but don’t expect it to end anytime soon    Latest in Security IBM's AI 'Bob' could be manipulated to download and execute malware    Takedowns and arrests didn't slow down ransomware in 2025    This 'ZombieAgent' zero click vulnerability allows for silent account takeover - here's what we know    NordPass adds built-in TOTP authenticator for personal accounts    Congressional staff emails hacked as part of Salt Typhoon campaign    Personal data on over 700,000 exposed by Illinois government agency    Latest in News DJI isn't the only drone maker hit by new US laws – the world's first waterproof selfie drone could be next    Cloudflare and La Liga's conflict deepens as piracy legal battle continues    Nvidia’s next-generation RTX 60 series GPUs rumored to be on track to launch next year    Garmin's closest Apple Watch Ultra rival is getting a soft gold revamp    ‘Gemini can't possibly be this stupid' – Google's smart home issues continue    Obsidian's Avowed is leaping from Xbox to PS5 next month    LATEST ARTICLES

1. 110 emergency directives retired as CISA declares them redundant
2. 2Takedowns and arrests didn't slow down ransomware in 2025
3. 3Dell Pro Max 16 Plus mobile workstation review: Backpack-friendly desktop-class power with a beautiful display
4. 4I waited two years to get a PlayStation Portal, and now wish I’d bought one sooner
5. 5If your best ChatGPT replies keep getting lost, this pin trick will change your life