September 2nd, 2021
CISA list of Bad Practices - WST
The Cybersecurity & Infrastructure Security Agency (CISA) released a statement announcing that it has added single-factor authentication to its list of exceptionally risky bad practices. See https://www.cisa.gov/news-events/alerts/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices for details.
While the CISA is focused on Critical Infrastructure and National Critical Functions, they encourage all organizations to “engage in the necessary actions and critical conversations to address Bad Practices.”
This short list of Bad Practices can be summarized as:
- Don’t use unsupported (or end-of-life) software.
- Don’t use known/fixed/default passwords and credentials.
- Don’t use single-factor authentication for remote or administrative access.
See https://www.cisa.gov/news-events/news/bad-practices-0 for details. While you’re there, note that the CISA website offers a wealth of other useful cybersecurity information.
Authored by: David Matt, CBISO, CEH, September 2nd, 2021