IT disaster recovery, cloud computing and information security news

CISA updates guidance on the SolarWinds Orion Compromise

The US Cybersecurity & Infrastructure Security Agency (CISA) has updated its Emergency Directive concerning the SolarWinds Orion Compromise. The Directive provides guidance for Federal agencies but is also relevant for critical infrastructure entities and other private sector organizations.

Titled Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise the guidance supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2 and confirms that SolarWinds Orion Platform version 2020.2.1 HF2 has been examined by the National Security Agency and has been verified to eliminate the previously identified malicious code. This version also includes updates to fix un-related vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed.

CISA has also updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17, 2020. This update ‘includes new information on initial access vectors, updated mitigation recommendations, and new indicators of compromise (IOCs)’.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.