In an Open Source Software Security Roadmap released on Tuesday, the agency said it wants to build up the capabilities to better understand the complex open source ecosystem and create visibility around the security risks in this landscape.
As part of its Ransomware Vulnerability Warning Pilot program, CISA has notified more than 100 organizations that they are running internet-exposed devices with flaws that are frequently targeted by ransomware actors, including 26 alerts related to the MOVEit Transfer flaw.
The new directive from CISA aims to help federal agencies identify and secure their network devices that are exposed to the public internet.
The LockBit ransomware group was the most active in the world last year, according to a new advisory, and has collected nearly $100 million in ransoms in three years.
The voluntary goals aim to provide a security baseline, in particular for small- and medium-sized critical infrastructure organizations.