The content on this page is archived. For more up-to-date information, go to fedramp.gov.

FedRAMP Guidance on BOD 23-02

June 15, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS) develops and oversees the implementation of “Binding Operational Directives” (BODs) and “Emergency Directives” (EDs). These directives require action on the part of certain federal agencies and cloud service providers (CSPs). FedRAMP works closely with the Joint Authorization Board (JAB) and DHS CISA to issue actions required and outlined in these BODs and EDs.

Binding Operational Directive 23-02

On June 13, 2023, DHS CISA issued Binding Operational Directive 23-02, “Mitigating the Risk from Internet-Exposed Management Interfaces”. This BOD “requires agencies to take steps to reduce the attack surface created by insecure or misconfigured management interfaces across certain classes of devices.”

FedRAMP Response

While there is no required action for FedRAMP commercial CSPs, FedRAMP recommends that CSPs review the content in Binding Operational Directive 23-02 and follow these best practices.

Please contact the PMO at info@fedramp.gov with any questions.