September 18, 2020
Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 20-04, “Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday”.
Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency, to “issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information system, including such systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information, for the purpose of protecting the information system from, or mitigating, an information security threat.” 44 U.S.C. § 3553(h)(1)–(2)
Section 2205(3) of the Homeland Security Act of 2002, as amended, delegates this authority to the Director of the Cybersecurity and Infrastructure Security Agency. 6 U.S.C. § 655(3).
Federal agencies are required to comply with these directives. 44 U.S.C. § 3554 (a)(1)(B)(v)
These directives do not apply to statutorily-defined “national security systems” nor to systems operated ..
Support the originator by clicking the read the rest link below.
