CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities in the following Ivanti products: Ivanti Connect Secure and Ivanti Policy Secure.
ED 24-01 directs all Federal Civilian Executive Branch (FCEB) agencies running Ivanti Connect Secure and Ivanti Policy Secure to:
- Implement the mitigations as detailed in the ED.
- Report indications of compromise to CISA.
- Remove compromised products from agency networks and follow the ED’s comprehensive instructions for restoring and bringing the products back into service.
- Apply the updates to the products within 48 hours of Ivanti releasing the updates.
- Provide CISA with a report that includes:
- A complete inventory of all instances of Ivanti Connect Secure and Ivanti Policy Secure products on agency networks.
- Details on actions taken and results.
Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address the vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. For additional details, see CISA’s Alert, Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways, which CISA will update with further mitigations and patches as these become available.