Opengear can be deployed in compliance with requirements in Binding Operational Directive 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces. To ensure compliance, customers deploying Opengear products must consider the following points:
- Wired/IP Connectivity: Lighthouse and Opengear appliances should be deployed behind enterprise firewalls or security appliances. This setup provides an additional layer of protection by preventing direct public access to the devices. Opengear appliances' wired network connections cannot be directly connected to internet-facing public IPs. Additionally, they must be connected to internal networks within the ZTA.
- Enterprise Firewalls/Security Appliances: Deploying Opengear appliances behind enterprise firewalls or security appliances further secures them from unauthorized access.
- Cellular Functionality: Some Opengear appliances come equipped with cellular functionality. It is the customer's responsibility to ensure that there is no possibility of direct access to the cellular interfaces. This may involve not using a Static or Dynamic Public IP plan, which may allow direct access to the appliance over the internet and could expose the management interfaces to the public internet.
For customers based in the United States, the following scenarios/guidelines can be considered when deploying Opengear Appliances with Cellular Option enabled:
- Customers deploying Lighthouse (Opengear's Secure Access Portal) as a centralized access point inside their ZTA (Zero Trust Architecture).

Alternatively, if you do not have Lighthouse, consider one or all of the solutions below to comply with CISA.

- Private APNs: Use private Access Point Names (APNs) provided by cellular carriers to establish a secure connection. Private APNs are isolated from the public internet and provide a dedicated communication channel for the Opengear device.
- The final option aligns with CISA's proposed implementation of Zero Trust Architecture, as illustrated in the accompanying image. For more detailed information, please refer to the provided link.

BOD 23-02: Implementation Guidance for Mitigating the Risk from Internet-Exposed Management Interfaces | CISA
By following these guidelines, US-based customers can deploy Opengear products in a manner that aligns with the requirements of Binding Operational Directive 23-02 and helps mitigate the risk from internet-exposed management interfaces.
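
One way to check the wired and cellular points above is to audit the addresses actually assigned to each interface and flag any that are publicly routable. The script below is an added example, not Opengear tooling; it assumes interface data is available in the JSON shape produced by iproute2's `ip -json addr show`, and the interface names and addresses in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape of `ip -json addr show` output.
# Interface names and addresses are made up; 8.8.8.8 stands in for
# any publicly routable address handed out by a public IP plan.
SAMPLE = json.dumps([
    {"ifname": "net1", "addr_info": [
        {"family": "inet", "local": "10.20.30.5", "prefixlen": 24}]},
    {"ifname": "wwan0", "addr_info": [
        {"family": "inet", "local": "100.72.14.9", "prefixlen": 30}]},
    {"ifname": "wwan1", "addr_info": [
        {"family": "inet", "local": "8.8.8.8", "prefixlen": 32},
        {"family": "inet6", "local": "fe80::1", "prefixlen": 64}]},
])

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr: str) -> str:
    """Label one address by how reachable it is from the internet."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local:
        return "local-only"
    if ip.version == 4 and ip in CGNAT:
        return "carrier-nat"  # not globally routable, but carrier-dependent
    if ip.is_global:
        return "public"       # directly addressable from the internet
    return "private"


def audit(ip_json: str) -> list:
    """Return (interface, address, classification) for every address."""
    findings = []
    for iface in json.loads(ip_json):
        for info in iface.get("addr_info", []):
            findings.append((iface["ifname"], info["local"],
                             classify(info["local"])))
    return findings


def exposed(ip_json: str) -> list:
    """Only the findings that need attention under BOD 23-02."""
    return [f for f in audit(ip_json) if f[2] == "public"]


if __name__ == "__main__":
    for name, addr, kind in audit(SAMPLE):
        print(f"{name:6} {addr:15} {kind}")
```

A clean result only covers addresses assigned to the device itself; NAT or port-forwarding rules upstream still need to be reviewed at the firewall.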
For further questions or clarification, please feel free to contact our Opengear Support team at support@opengear.com.