CISA Begins Cataloging Bad Practices that Increase Cyber Risk

In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced  the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.

While extensive guidance on cybersecurity “best practices” exists, additional perspective is needed. Ending the most egregious risks requires organizations to make a concerted effort to stop bad practices.

CISA encourages cybersecurity leaders and professionals to review EAD Goldstein’s blog post and the new Bad Practices webpage and to monitor the webpage for updates. CISA also encourages all organizations to engage in the necessary actions and critical conversations to address bad practices.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.