* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* How Palo Alto Networks Co...

# How Palo Alto Networks Cortex Helps Federal Agencies Comply with CISA's Binding Operational Directive 23-01

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fhow-palo-alto-networks-cortex-helps-federal-agencies-comply-with-cisas-binding-operational-directive-23-01%2F)  
[](https://twitter.com/share?text=How+Palo+Alto+Networks+Cortex+Helps+Federal+Agencies+Comply+with+CISA%E2%80%99s+Binding+Operational+Directive+23-01&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fhow-palo-alto-networks-cortex-helps-federal-agencies-comply-with-cisas-binding-operational-directive-23-01%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fhow-palo-alto-networks-cortex-helps-federal-agencies-comply-with-cisas-binding-operational-directive-23-01%2F&title=How+Palo+Alto+Networks+Cortex+Helps+Federal+Agencies+Comply+with+CISA%E2%80%99s+Binding+Operational+Directive+23-01&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/how-palo-alto-networks-cortex-helps-federal-agencies-comply-with-cisas-binding-operational-directive-23-01/&ts=markdown)  
\[\](mailto:?subject=How Palo Alto Networks Cortex Helps Federal Agencies Comply with CISA’s Binding Operational Directive 23-01)  
Link copied  
By [Zach Gore](https://www.paloaltonetworks.com/blog/author/zach-gore/?ts=markdown "Posts by Zach Gore")  
Nov 03, 2022  
5 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)  
[ASM](https://www.paloaltonetworks.com/blog/tag/asm/?ts=markdown)  
[Attack Surface Management](https://www.paloaltonetworks.com/blog/tag/attack-surface-management/?ts=markdown)  
[BOD23-01](https://www.paloaltonetworks.com/blog/tag/bod23-01/?ts=markdown)  
[CISA Binding Operational Directive 23-01](https://www.paloaltonetworks.com/blog/tag/cisa-binding-operational-directive-23-01/?ts=markdown)  
[Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown)

In October 2022, the U.S. Department of Homeland Security(DHS), along with the Cybersecurity \& Infrastructure Security Agency(CISA), issued [Binding Operational Directive 23-01 (BOD 23-01)](https://www.cisa.gov/binding-operational-directive-23-01), which instructs Federal agencies to "make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities."

BOD 23-01 supports and enhances other recent cybersecurity directives, including [Executive Order 14028 on Improving the Nation's Cybersecurity](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/) and [BOD 22-01](https://www.cisa.gov/binding-operational-directive-22-01), which introduced a list of Known Exploited Vulnerabilities (KEVs) that threat actors have exploited. In another blog post, we have previously highlighted [how Cortex Xpanse can identify CISA-identified Known Exploited Vulnerabilities](https://www.paloaltonetworks.com/blog/security-operations/cortex-xpanse-identify-cisa-kev/).

### **What is BOD 23-01?**

BOD 23-01 requires agencies to enhance ***asset discovery and vulnerability enumeration capabilities*** to secure their public-facing internet assets. This involves continuously and comprehensively discovering an organization's known and unknown internet-connected assets to eliminate gaps in their security posture. Xpanse can help Federal agencies vastly scale their ability to perform these critical cybersecurity functions.

Federal cybersecurity leaders must be able to answer three critical questions in the event of an emerging threat, zero-day event, or vulnerability management initiative:

1. Do I own the affected systems or assets?
2. Are they vulnerable to the exploit(s)?
3. Have they been compromised?

Palo Alto Networks Cortex capabilities, including Xpanse and Cortex XSOAR, leverage analytics, AI, and automation to discover and inventory agencies' entire attack surface, identify potential misconfiguration and vulnerabilities, and stitch together internal and external data to drive rapid situational understanding and remediation action.

### **Xpanse and Cortex XSOAR help Federal agencies address Required Actions, Reporting Requirements, and Metrics laid out in BOD 23-01**

Xpanse can help Federal Civilian Executive Branch (FCEB) agencies rapidly comply with many of the new requirements put in place by BOD 23-01:

* ***Perform automated asset discovery every seven days. While many methods and technologies can be used to accomplish this task, at minimum, this discovery must cover the entire IPv4 space used by the agency.***

The Xpanse Attack Surface Management platform performs automated asset discovery across the global internet on a sub-daily basis and refreshes scan observations in the platform every 24 hours. Some cloud assets move rapidly between multiple IP addresses, making it difficult to track their movement across the internet with a less regular discovery cadence. Xpanse ensures that your attack surface data is always up-to-date.

* ***Initiate vulnerability enumeration across all discovered assets, including all discovered nomadic/roaming devices (e.g., laptops), every 14 days.***

Xpanse automatically surfaces more than 500 unique issues and inferred vulnerabilities across your attack surface and prioritizes those risks based on industry best practices. The Xpanse Cyber Research Engineering team can enumerate additional vulnerabilities through customized out-of-product techniques and may test for vulnerability status with legal approval from a duly authorized agency official.

Cortex XSOAR can ingest Xpanse observations and initiate scanning playbooks that integrate with internal tools and datasets, such as your organization's vulnerability management scanner (e.g., Tenable Nessus, Rapid7 InsightVM, etc.).

* ***Initiate automated ingestion of vulnerability enumeration results (i.e., detected vulnerabilities) into the CDM Agency Dashboard within 72 hours of discovery completion (or initiation of a new discovery cycle if previous full discovery has not been completed).***

All Expander data, including issue and inferred vulnerability data, is available via API and can be connected to a wide variety of tools and services via out-of-the-box integrations. Palo Alto Networks also offers professional services support to build custom integrations for products that do not have a pre-built integration.

* ***Develop and maintain the operational capability to initiate on-demand asset discovery and vulnerability enumeration to identify specific assets or subsets of vulnerabilities within 72 hours of receiving a request from CISA and provide the available results to CISA within seven days of request.***

In addition to Xpanse's sub-daily scanning cadence, our Cyber Research Engineering team can perform ad hoc, on-demand scanning of customer assets. These scans are highly configurable to discover and identify specific services, devices, and associated vulnerabilities. Results are typically available within hours of the request.

### **The Xpanse ASM Platform is the foundation of asset visibility and vulnerability detection on Federal networks**

Xpanse's global asset discovery, identification, and attribution capabilities can enhance FCEB agencies' existing tools and processes to continuously monitor the USG's Federal Civilian digital attack surface. The Expander platform also creates a common operating picture for both users and integrated tools, serving as the single source of truth for the full universe of publicly accessible assets and helping to better target internal scanners and vulnerability management programs.

Xpanse creates a complete system of record of all of an agency's internet-facing assets, detects potential vulnerabilities for immediate remediation, assesses internet asset compliance with CISA directives (such as BODs 18-01 and 22-01) and internet communication policies, and provides real-time, ongoing tracking and awareness with centralized reporting.

Leveraging XSOAR, agencies can automate the vulnerability management and reporting process by searching for vulnerable assets, correlating threat intelligence, identifying the asset owner, and verifying compliance using the agency's VM scanning platform. Results can be reported in near-real-time via dashboards and other reporting.

As the foundation of a holistic cybersecurity ecosystem, Xpanse and XSOAR can rapidly improve agencies' asset inventory and vulnerability enumeration capabilities and bring them into compliance with CISA's new BOD 23-01.

**To learn more about how Xpanse can help you address BOD 23-01, [watch our product tour here.](https://start.paloaltonetworks.com/demo-request)**

*** ** * ** ***

## Related Blogs

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Enhancing Critical Risk Detection with Cortex Xpanse Attack Surface Rules](https://www2.paloaltonetworks.com/blog/security-operations/enhancing-critical-risk-detection-with-cortex-xpanse-attack-surface-rules/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Rage Against the (IP Enabled) Machines: Using Attack Surface Management to Discover Exposed OT and ICS Systems](https://www2.paloaltonetworks.com/blog/security-operations/rage-against-the-ip-enabled-machines-using-attack-surface-management-to-discover-exposed-ot-and-ics-systems/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Accelerate Your Cloud Migration Initiatives with Active Attack Surface Management](https://www2.paloaltonetworks.com/blog/security-operations/accelerate-your-cloud-migration-initiatives-with-active-attack-surface-management/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Prevent Critical Exposures for Employees on Unsecure Remote Networks Using ASM for Remote Workers Coverage](https://www2.paloaltonetworks.com/blog/security-operations/attack-surface-management-for-remote-workers/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### What's Next in Cortex: New Innovations for Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/whats-next-in-cortex-new-innovations-for-security-operations/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Get Ahead of Chrome Changes with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/get-ahead-of-chrome-changes-with-cortex-xpanse/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language