CISA Adds the Next (#3) Cybersecurity Bad Practices to its Catalog – Updated August 31, 2021

Bad Practice #3 – Use of Single-Factor Authentication (SFA)

The Cybersecurity and Infrastructure Security Agency (CISA) published a new update to its cybersecurity “Bad Practices” catalog. Despite the need to improve best practices in the cyber realm, getting rid of unsafe cyber activities can also significantly improve an organization’s security. In this updated version, CISA adds the use of single-factor authentication (SFA) to its list of Bad Practices. The current list now includes: using unsupported or end-of-life software, utilizing known/fixed/default passwords and credentials, and the use of single-factor authentication for remote or administrative access to systems. Access the BadPractices webpage at CISA.

Original post – June 24, 2021

It is equally important for organizations to understand and address cybersecurity bad practices as it is for them to adopt best practices, although they often focus on the latter, writes Cybersecurity and Infrastructure Security Agency Executive Assistant (CISA) Director Eric Goldstein in a blog. As he notes, there is no lack of best practices, with numerous standards, practices, control catalogs, and guidelines available to improve an organization’s cybersecurity. To help address and put an end to the bad practices, CISA has published a new catalog of bad cybersecurity practices that it encourages cybersecurity leaders and professionals to review. The current list is short, with bad practices that include relying upon unsupported or end-of-life software and using known/fixed/default passwords and credentials. CISA notes it intends to update the list and encourages partners to monitor the webpage for additions. Access the webpage at CISA.