The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced the retirement of 10 Emergency Directives (EDs) that were originally issued between 2019 and 2024 to address urgent and high impact cybersecurity threats facing federal systems.
According to CISA, these directives are now considered closed after successful remediation efforts and the integration of long term security controls across federal agencies.
Retired Emergency Directives
The following Emergency Directives have officially been closed.
- ED 19-01, Mitigate DNS Infrastructure Tampering
- ED 20-02, Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
- ED 20-03, Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday
- ED 20-04, Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
- ED 21-01, Mitigate SolarWinds Orion Code Compromise
- ED 21-02, Mitigate Microsoft Exchange On Premises Product Vulnerabilities
- ED 21-03, Mitigate Pulse Connect Secure Product Vulnerabilities
- ED 21-04, Mitigate Windows Print Spooler Service Vulnerability
- ED 22-03, Mitigate VMware Vulnerabilities
- ED 24-02, Mitigating the Significant Risk from Nation State Compromise of Microsoft Corporate Email System
CISA stated that these directives were originally issued to protect Federal Civilian Executive Branch (FCEB) agencies from active and emerging cyber risks. The agency worked closely with federal partners to resolve vulnerabilities, implement best practices, and strengthen overall resilience across government networks.
Transition to Long Term Enforcement
CISA emphasized that Emergency Directives are designed to ensure rapid mitigation of urgent threats. In this case, the required actions have either been fully implemented or are now enforced through Binding Operational Directive 22-01, which focuses on reducing the risk from known exploited vulnerabilities.
CISA Acting Director Madhu Gottumukkala noted that closing these directives demonstrates the agency’s ongoing commitment to collaboration and operational excellence across the federal cybersecurity landscape.
He added that CISA continues to focus on eliminating persistent access, countering emerging threats, and providing timely mitigation guidance. Looking ahead, the agency is advancing Secure by Design principles, with an emphasis on transparency, configurability, and interoperability, to help organizations better defend complex and diverse digital environments.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
