The Federal Communications Commission’s (FCC) Covered List should be incorporated into risk management strategies, according to the US Cybersecurity and Infrastructure Security Agency (CISA). The Secure and Trusted Communications Networks Act of 2019 includes a number of communications equipment and service providers that have been identified by the US government as potentially posing a risk to national security.
According to Mike Parkin, a senior technical engineer at Vulcan Cyber, “organisations that are bound by CISA’s directives are required to follow them and take the necessary actions, while for civilian organisations, CISA directives are simply recommendations.” However, they have traditionally been excellent suggestions and are highly worth implementing from a cybersecurity perspective.