CISA Retires Ten Emergency Directives Following Milestone

The Cybersecurity and Infrastructure Security Agency (CISA) announced on January 8, 2026, the retirement of ten Emergency Directives issued between 2019 and 2024, marking a significant operational milestone for the agency.

This marks the highest number of Emergency Directives retired by the agency simultaneously, reflecting progress in federal cybersecurity efforts.

Emergency Directives are urgent orders issued by CISA to rapidly address emerging threats facing Federal Civilian Executive Branch (FCEB) agencies.

By closing these ten directives, CISA confirms that the required security measures have been successfully implemented across federal systems or are now covered by existing regulations, such as the Binding Operational Directive (BOD) 22-01.

Why Directives Were Closed

Seven directives related to specific vulnerabilities have been retired because those security issues are now tracked in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

These include directives addressing Windows vulnerabilities, Netlogon elevation-of-privilege issues, and VMware security concerns.

Three additional directives, including those addressing the SolarWinds incident and Microsoft Exchange vulnerabilities.

A recent nation-state compromise of Microsoft email systems was closed after CISA determined its objectives had been achieved and practices had evolved beyond its requirements.

CISA Acting Director Madhu Gottumukkala stated that this closure demonstrates the agency’s commitment to federal cybersecurity collaboration.

“Every day, CISA’s team works with partners to eliminate persistent access, counter threats, and deliver real-time guidance,” Gottumukkala noted.

The retired directives include critical orders addressing tampering with DNS infrastructure, Windows patch vulnerabilities from 2020, Pulse Connect Secure threats, and Print Spooler service vulnerabilities.

Full List of Retired Emergency Directives

Here are the now-closed directives, each a rapid response to high-stakes threats:

• ED 19-01: Mitigate DNS Infrastructure Tampering
• ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
• ED 20-03: Mitigate Windows DNS Server Vulnerability from July 2020 Patch Tuesday
• ED 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
• ED 21-01: Mitigate SolarWinds Orion Code Compromise
• ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
• ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities
• ED 21-04: Mitigate Windows Print Spooler Service Vulnerability
• ED 22-03: Mitigate VMware Vulnerabilities
• ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

Rather than relying on emergency directives, these protections are now embedded in CISA’s ongoing security programs.

The agency continues advancing “Secure by Design” principles, highlighting transparency, configurability, and cross-system compatibility across federal infrastructure.

This consolidation allows CISA to streamline federal cybersecurity governance while maintaining protection against critical threats.

As cyber risks evolve, CISA remains prepared to issue new Emergency Directives when threats demand immediate action.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.