Federal Cybersecurity

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

Emergency Directive

A CISA-issued directive under 44 U.S.C. 3553(h) that compels federal civilian executive branch agencies to take specific actions in response to a known or reasonably suspected information security threat, vulnerability, or incident. Emergency Directives are the acute counterpart to Binding Operational Directives and have been used for incidents including the SolarWinds compromise (ED 21-01), Log4j (ED 22-02), and the 2024 Microsoft Exchange Online intrusions. Compliance is mandatory for FCEB agencies; CISA reports compliance posture to OMB and Congress.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.