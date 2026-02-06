CISA has issued a binding operational directive requiring the removal of unsupported edge devices

They pose "disproportionate and unacceptable risks" that can be easily remediated

Every organization should focus on renewing hardware, not just the government

The US government's Cybersecurity and Infrastructure Security Agency (CISA) has issued a new warning to federal agencies to remove edge devices which have reached or passed end of support (EOS) over security fears.

US Government agencies have been given the next year to remove affected devices and replace them with equipment that's still covered by vendor security updates.

The push comes against a backdrop of rising cyberattacks, with threat actors honing in on vulnerable devices that no longer receive security patches.

The body described edge devices as ones that are accessible via the public internet, like firewalls, routers, switches, wireless access points, network security appliances and IoT edge devices.

CISA said that devices past their sell-by date now pose "disproportionate and unacceptable risks" to federal systems. However, despite the risk that some agencies may be posing to the US government, CISA said it's one that "can be remediated."

"Agencies should mature their lifecycle management practices to identify hardware and software nearing their EOS dates, plan for timely replacements, procure vendor-supported alternatives, and develop a plan for decommissioning EOS devices while minimizing disruptions to agency operations," the binding operational directive (BOD 26-02) reads.

CISA also reminded agencies of Memorandum M-22-09 (Moving the US Government Toward Zero Trust Cybersecurity Principles), whereby they should adopt measures like multi-factor authentication (MFA), proper asset management, critical workload isolation and data encryption to maxmimize security.

Although CISA doesn't plan to public a list of affected devices, the body does encourage all organizations (not just federal agencies) to follow the guidance due to rising threats and easy remediation.

