Hours after warning that government agencies have been affected by vulnerabilities found in a piece of virtual private networking software, the Cybersecurity and Infrastructure Security Agency issued its third emergency directive in five months to civilian federal agencies.
The new directive instructs agencies to repeatedly run a tool on all devices using Pulse Connect Secure products that checks for issues associated with exploits allegedly being used by a hacking campaign with links to the Chinese government.
If the tool does not detect an issue, agencies should continue to run it daily until a patch is developed or apply a workaround mitigation. CISA also wrote that it is coordinating its response with FedRAMP, the government's program to provide a standardized security assessment for cloud products and services.