What did CISA retire on January 10, 2026?

CISA retired ten Emergency Directives that were issued between 2019 and 2024.

Why did CISA retire these Emergency Directives?

The directives were retired because they either achieved their purpose or are now covered by Binding Operational Directive 22-01.

What is Binding Operational Directive 22-01?

It is a compulsory directive requiring federal agencies to focus on mitigating known exploited vulnerabilities.

Home / Technology / CISA Retires 10 Emergency Directives: A Cybersecurity Milestone

CISA Retires 10 Emergency Directives: A Cybersecurity Milestone

10 Jan

•

Summary

CISA retired ten Emergency Directives issued between 2019 and 2024.
This action marks the largest simultaneous retirement of Emergency Directives by CISA.
The retired directives are now encompassed by Binding Operational Directive 22-01.

CISA Retires 10 Emergency Directives: A Cybersecurity Milestone

The US Cybersecurity and Infrastructure Security Agency (CISA) recently announced the retirement of ten Emergency Directives (EDs), representing the largest simultaneous closure of these mandates in its history. Issued between 2019 and 2024, these directives have now fulfilled their purpose, with many either fully implemented or absorbed into the framework of Binding Operational Directive 22-01.

This significant action underscores CISA's dedication to its Secure by Design principles, which prioritize enhanced security, transparency, and configurability within federal cybersecurity. The agency emphasized its ongoing commitment to issuing directives as necessary to swiftly address emergent cyber threats and reduce risks across federal civilian executive branch agencies.