Deborah

The Cybersecurity and Infrastructure Security Agency (CISA) is developing a Catalog of Bad Practices in cybersecurity to help critical infrastructure providers prioritize their cybersecurity responsibilities.

The catalog will focus on those bad practices that are ‘exceptionally risky, especially in organizations supporting Critical Infrastructure or National Critical Infrastructure (‘NCFs’)’ including but not limited to the:

  • Use of unsupported (or end-of-life) software in service of Critical Infrastructure and NCFs.

  • Use of known/fixed/default passwords and credentials in service of Critical Infrastructure and NCFs.

Both practices are considered dangerous because they significantly elevate the risk to national security, national economic security, and national public health and safety. They are described as especially egregious in internet-accessible technologies.

CISA will expand the list in due course and following market participants’ feedback.


Concerned entities should take notice and monitor CISA's Catalog; doing so will help them shape and adjust, where relevant, their cybersecurity framework.

