Reducing the Attack Surface for End-of-Support Edge Devices
What Are EOS Edge Devices?
Edge devices are technologies that reside on the boundary of a network and are accessible from the public internet and other external environments. An edge device becomes an “end‑of‑support” (EOS) device when its manufacturer no longer:
- Monitors it for defects in its software and/or firmware; and
- Updates it with patches for common vulnerabilities and exposures (CVEs), security updates, and software fixes (hotfixes).
EOS edge devices pose significant risks for organizations because threat actors can exploit unresolved security gaps. Nation‑state threat actors can exploit these devices as entry points to access modern, supported environments, placing organizations’ data, services, and overall security at serious risk.
https://www.fbi.gov/investigate/cyber/alerts/2026/reducing-the-attack-surface-for-end-of-support-edge-devices
This Fact Sheet addresses two issues that all businesses should monitor. More importantly, all DoD contractors should be keenly aware of them. All external-facing devices pose a threat. Devices that are no longer supported also pose a threat, because the manufacturer is no longer actively conducting security reviews or issuing updates. Both are included as NIST 800-171 r2 security measures. The System Security Plan (SSP) should have an appendix or supplement that lists all devices and associated information. This listing may also be useful for budgeting and for developing network management and upgrade plans.