Skip to main content

CISA Emergency & Binding Operational Directives

Overview

Cloud.gov maintains compliance with all Cybersecurity and Infrastructure Security Agency (CISA) Emergency Directives (EDs) and Binding Operational Directives (BODs) as required for federal civilian executive branch systems. Emergency Directives require immediate action to address critical vulnerabilities, while Binding Operational Directives establish ongoing security requirements. Cloud.gov's compliance with these directives is documented in our FedRAMP Moderate Authorization package and continuous monitoring reports.

FAQs

Q: How quickly does Cloud.gov respond to Emergency Directives? A: We target remediation within 24-48 hours, ahead of typical 72-hour requirements.

Q: Do I need to implement directives separately? A: Platform-level requirements are inherited. Customer Responsibility: Implement any application-specific requirements.

Q: How are customers notified of directive actions? A: Critical updates posted to status.cloud.gov. Detailed evidence available in FedRAMP repository.

Q: What if a directive requires capabilities Cloud.gov doesn't provide? A: We document compensating controls or platform limitations in our applicability statements.

GSA.gov

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?
Visit USA.gov