Government

Read: DHS releases details on Kaspersky product ban

The recent order to remove Kaspersky products from federal networks impacts almost every government agency within the next 90 days.

By Patrick Howell O'Neill and Greg Otto

September 18, 2017

(U.S. Army Garrison - Miami / Flickr)

The recent order to remove Kaspersky Lab products from federal networks commands almost every government agency to act within the next 90 days, while also carving out a big hole for the Department of Defense and the U.S. intelligence community which are unaffected by the DHS action.

The directive, which will be published in the Federal Register on Tuesday, lays out exactly which products are banned and which are exempt.

The binding operational directive obtained by CyberScoop “does not address Kaspersky code embedded in the products of other companies.”

That could potentially refer to Kaspersky products being used in other companies’ products, which are used widely across Pentagon and civilian agencies. Kaspersky is a multi-national company with a wide array of products, with many agencies harnessing tech that uses Kaspersky Cloud Security for enterprise.

It’s not yet clear how many machines the directive will impact, but DHS should know within the next 30 days when agencies are required to submit a report outlining the full list of Kaspersky-branded products found on agency information systems, how many endpoints are impacted and the methodologies used to find the products.

In 60 days, agencies are told to submit a report outlining a plan of action and in 90 days the removal will begin.

Although DHS binding operational directives don’t apply to “National Security Systems” or some systems operated by the DOD and U.S. intelligence community, a draft of the 2018 National Defense Authorization Act prohibits the DOD to use of any software developed, in whole or in part, by Kaspersky Lab by Oct. 1, 2018.

The full list of Kaspersky products banned by the DHS directive are:

Kaspersky Anti-Virus

Kaspersky Internet Security

Kaspersky Total Security

Kaspersky Small Office Security

Kaspersky Anti Targeted Attack

Kaspersky Endpoint Security

Kaspersky Cloud Security (Enterprise)

Kaspersky Cybersecurity Services

Kaspersky Private Security Network

Kaspersky Embedded Systems Security

You can read the full directive below:

[documentcloud url=”http://www.documentcloud.org/documents/4053173-BODKaspersky.html” responsive=true]

Greg Otto contributed to this report.

Read: DHS releases details on Kaspersky product ban

More Like This

Host of House panels getting briefed on major Chinese hacker telecom breaches

TSA issues proposed cyber mandates for pipelines, rail, airlines

China’s elite hackers expand target list to European Union

Top Stories

Congress must demand a study of America’s cyber forces

More Scoops

Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds

Automatic tank gauge vendors alerted of software vulnerabilities in their products

Who would be the cyber pros in a second Trump term?

Zero trust: How the ‘Jia Tan’ hack complicated open-source software

DHS aims to boost cyber ranks by streamlining clearance approvals

Biden administration bans sale of Kaspersky software in US

DHS releases critical infrastructure priorities for next two years

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

What will GenAI regulation look like in 2025?

GDIT’s Matthew McFadden on cybersecurity threat awareness

Okta’s Christine Halverson talks different types of cybersecurity attacks

Government

Technology

Threats

Geopolitics