Are you on the DHS CISA cybersecurity naughty list?

By: Matthew Karnas, Director of Cybersecurity Practices, VMD Corp

Process is the crucial DevSecOps enabler

Published on Sep 13, 2021

CISA has introduced a website where they list its top cybersecurity bad practices, With these bad practices, CISA targets organizations that support Critical Infrastructure or National Critical Functions (NCF), but why wouldn’t all organizations follow these guidelines? At the moment, there are only three items listed as bad practices:

CISA has also opened up the discussion to interested parties on their GitHub, so feel free to comment and vote for what should be the 4th item on their list.

How do you know if your organization is following these bad practices? If you are unable to answer these questions with confidence, you might be on the naughty list.