Cybersecurity and Infrastructure Security Agency (CISA) You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated and is now available.
*Note: *We have updated this alert with the correct links. Apologies for the inconvenience. CISA Releases Analysis of FY23 Risk and Vulnerability Assessments [ https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-releases-analysis-fy23-risk-and-vulnerability-assessments ] 09/13/2024 2:00 PM EDT CISA has released an analysis [ https://www.cisa.gov/sites/default/files/2024-09/FY23_RVA_Analysis_508.pdf ] and infographic [ https://www.cisa.gov/sites/default/files/2024-09/InfographicFY23RVA508.pdf ] detailing the findings from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23). The analysis [ https://www.cisa.gov/sites/default/files/2024-09/FY23_RVA_Analysis_508.pdf ] details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs. The infographic [ https://www.cisa.gov/sites/default/files/2024-09/InfographicFY23RVA508.pdf ] [ https://usdhs-my.sharepoint.com/:b:/g/personal/gabrielle_mollenkopf_cisa_dhs_gov/EWNSN52-kCdCmYxvy1gL1GEBgGreFCMrhM5yCWsExTAcFw?e=h3wfsh ]highlights the most successful techniques for each tactic that RVAs documented. Both the analysis and infographic map threat actor behavior to the MITRE ATT&CK® framework. CISA encourages network defenders to review the analysis and infographic [ https://www.cisa.gov/resources-tools/resources/risk-and-vulnerability-assessments ] [ https://www.cisa.gov/resources-tools/resources/risk-and-vulnerability-assessments ]and apply the recommended mitigations to protect against the observed tactics and techniques. This product is provided subject to this Notification [ https://www.cisa.gov/notification ] and this Privacy & Use [ https://www.cisa.gov/privacy-policy ] policy. body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: #333333; } Having trouble viewing this message? View it as a webpage [ https://content.govdelivery.com/accounts/USDHSCISA/bulletins/3b59a5f ]. [ https://content.govdelivery.com/accounts/USDHS/bulletins/292141e ] You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency [ https://www.cisa.gov ] (CISA) Manage Subscriptions [ https://public.govdelivery.com/accounts/USDHSCISA/subscriber/edit?preferences=true#tab1 ] | Privacy Policy [ https://www.cisa.gov/privacy-policy ] | Help [ https://subscriberhelp.granicus.com/s/article/Subscriber-Help-Center ] [ https://insights.govdelivery.com/Communications/Subscriber_Help_Center ] Connect with CISA: Facebook [ https://www.facebook.com/CISA ] | Twitter [ https://twitter.com/CISAgov ] | Instagram [ https://Instagram.com/cisagov ] | LinkedIn [ https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency ] | YouTube [ https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A ] ________________________________________________________________________ This email was sent to [email protected] using GovDelivery Communications Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite 4000 · Denver, CO 80202 GovDelivery logo [ https://subscriberhelp.granicus.com/ ] body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}
