Co-authored by Roland Holloway
In the first installment of this blog series, “Understanding CISA BOD 26-02: Mitigating risk from End-of-Support Devices”, we explored the critical directive issued by CISA (Binding Operational Directive 26-02) and the urgent need for agencies to identify, upgrade, and replace End-of-Support edge devices. This foundational work is essential: unsupported routers, switches, firewalls, VPN gateways, and other perimeter technologies pose persistent security risks because they no longer receive the security updates needed to defend against modern threat actors.
Once U.S. Public Sector agencies modernize their edge infrastructure, they gain an opportunity to do more than remove obsolete technology. They can transform their networks into a powerful source of security intelligence, operational visibility across platforms (including other vendors), and zero-trust enforcement. Modern Cisco networking and security platforms are not merely faster versions of legacy devices. They deliver telemetry, identity context, policy enforcement, cloud-managed operations, and analytics that help agencies continuously understand what is connected, who is accessing resources, and where emerging risks lie.
This transformation represents the next step in the BOD 26-02 journey: moving beyond lifecycle remediation towards continuous discovery, enhanced visibility, and ongoing modernization.

Figure 1: The BOD 26-02 Journey
The Network Is Now a Security Sensor
For years, government networks were often treated as transport infrastructure: move packets reliably, connect users to applications, and keep branches online. Today, that model is no longer enough. The network sees what many other tools cannot. It sees traffic patterns, application usage, device behavior, user access paths, lateral movement attempts, anomalous flows, and policy violations.
When agencies activate modern telemetry capabilities such as NetFlow and IPFIX from routers and switches, NSEL from firewalls, endpoint identity from Cisco Identity Services Engine (ISE), and access context from Cisco Duo and Cisco Secure Access, the network becomes an active participant in cyber defense.
That matters because adversaries increasingly target the edge, use valid credentials, and attempt to blend into normal network activity. Agencies need infrastructure that can continuously discover assets, enforce least privilege, detect abnormal behavior, and provide actionable intelligence to security teams.
Cisco Secure Access for Government: Modern Access Without Expanding the Attack Surface
Cisco Secure Access for Government helps agencies move beyond legacy remote access models by delivering a cloud-managed Security Service Edge architecture. Instead of exposing private applications broadly or relying only on traditional VPN access, agencies can apply Zero Trust Network Access (ZTNA) controls that grant access per user, per device, and per application.
Key capabilities include ZTNA, secure web gateway, CASB (Cloud Access Security Broker), DLP (Data Loss Prevention), DNS-layer security, firewall as a service, intrusion prevention, remote browser isolation, and VPN-as-a-Service for applications that still require broader private access. This gives agencies a practical path to modernize remote and hybrid access while reducing the visibility of internal applications to unauthorized users.
Secure Access also integrates with Cisco Duo and Cisco Catalyst SD-WAN, creating a more unified SASE approach for agencies that need secure connectivity, consistent policy, and strong user experience across headquarters, branches, remote workers, and cloud environments.
Cisco Duo Federal: Strong Identity for Zero Trust
Replacing unsupported edge devices helps reduce infrastructure risk, but agencies must also help ensure that only trusted users and trusted devices can access mission systems. Cisco Duo Federal provides FedRAMP-certified identity security options designed for government environments.
Duo Federal helps agencies strengthen access with multi-factor authentication, device trust, policy controls, and support for federal identity assurance needs. Duo Federal Essentials provides a foundation for strong authentication and secure access, while Duo Federal Advantage adds stronger policy options such as role-based and location-based access controls, biometric authentication, and the ability to block outdated devices from access.
This is especially important in a zero-trust architecture. The question is no longer simply, “Is the user on the network?” The better question is, “Is this the right user, on a healthy device, accessing the right application, under the right conditions?”
Cisco Catalyst SD-WAN for Government: Secure, Resilient Connectivity at Scale
As agencies replace legacy edge devices, Cisco Catalyst SD-WAN for Government can help modernize wide area networking with centralized management, secure cloud connectivity, segmentation, and simplified operations.
Cisco Catalyst SD-WAN for Government supports WAN optimization, cloud on-ramp capabilities, automated provisioning, continuous monitoring, identity-based micro segmentation, and SASE readiness. For distributed agencies, this means branch locations, cloud services, and remote users can be connected through a more secure and resilient architecture.
It also helps agencies shift from device-by-device operations to policy-driven management. That is critical for lifecycle management because agencies need consistent visibility into the state of their infrastructure, the software versions in use, and the health of the network fabric over time.
Cisco Meraki for Government: Cloud-Managed Visibility and Operational Simplicity
For agencies seeking simplified operations across distributed environments, Cisco Meraki for Government provides a cloud-managed platform across wireless, switching, security, SD-WAN, and cellular gateways.
Meraki for Government can help agencies manage and monitor the network stack from a single dashboard, support zero-touch deployment, and improve visibility into clients, applications, connectivity paths, and network health. These capabilities are especially valuable for agencies with lean IT teams, remote sites, field offices, libraries, public safety locations, or citizen service centers.
Modernization is not just about adding new security tools. It is also about reducing operational friction. A cloud-managed approach can help agencies deploy faster, troubleshoot more efficiently, and maintain stronger control over infrastructure that might otherwise become difficult to inventory and manage over time.
Cisco ISE: Identity, Posture, and Segmentation Inside the Network
Cisco Identity Services Engine (ISE) is a foundational control point for zero-trust networking. ISE helps agencies identify users and endpoints, assess posture, classify devices, and enforce access policies across the network.
With capabilities such as endpoint profiling, posture assessment, pxGrid ecosystem integrations, AI Endpoint Analytics, and software-defined segmentation with Security Group Tags, ISE enables agencies to move from static access models to dynamic policy enforcement.
This is where visibility becomes action. When ISE identifies an unknown device, a noncompliant endpoint, or a user attempting access outside normal policy, agencies can use that context to limit access, segment sensitive systems, or trigger additional investigation. Combined with network analytics and access telemetry, ISE helps agencies build a more adaptive and defensible architecture.
Cisco Secure Network Analytics: NetFlow, NSEL, and Behavioral Detection
One of the most powerful yet underutilized capabilities in many government networks is the telemetry already available from Cisco infrastructure.
Routers and switches can export NetFlow or IPFIX to provide visibility into traffic patterns, source and destination relationships, ports, protocols, volume, and timing. Cisco firewalls can provide NetFlow Secure Event Logging, or NSEL, to add stateful firewall context such as flow creation, teardown, denial, and update events.
Cisco Secure Network Analytics uses this type of network telemetry, along with behavioral modeling and machine learning, to detect threats that may bypass traditional controls. This can include insider threats, data exfiltration, policy violations, command-and-control activity, lateral movement, and suspicious behavior in encrypted traffic without decrypting the payload.
When integrated with Cisco ISE, Secure Network Analytics can add user, device, and segmentation context to investigations. This helps security teams answer better questions faster: What communicated? Who or what device was involved? Was the behavior normal? Was policy violated? What should be contained?
From Compliance Deadline to Continuous Modernization
BOD 26-02 creates urgency around End-of-Support edge devices, but the larger mission is ongoing resilience. Agencies need continuous discovery, lifecycle management, secure access, strong identity, segmentation, threat prevention, and network telemetry that turns infrastructure into intelligence.
Cisco’s U.S. Public Sector-ready portfolio can help agencies move in that direction:
| Cisco solution | Role in modernization |
| --- | --- |
| Cisco Secure Access for Government | Modernizes secure access and Security Service Edge |
| Cisco Duo Federal | Strengthens identity, MFA, and device trust |
| Cisco Catalyst SD-WAN for Government | Provides secure, resilient WAN modernization |
| Cisco Meraki for Government | Simplifies cloud-managed networking |
| Cisco ISE | Delivers identity-based access, profiling, posture, and segmentation |
| Cisco Secure Firewall | Provides next-generation firewall enforcement, intrusion prevention, application visibility and control, VPN, malware defense, segmentation, and firewall telemetry through NSEL to strengthen threat detection and response |
| Cisco Secure Network Analytics | Turns NetFlow, IPFIX, and NSEL into actionable security intelligence |
The path forward is clear: replace unsupported edge devices, then activate the capabilities that make the modern network more visible, more secure, and more responsive. Secure Firewall plays a critical role in this modernization by serving as both a policy enforcement point and a rich telemetry source, helping agencies detect threats, control access, segment sensitive environments, and feed analytics platforms with high-value network security events.

Figure 2: The BOD 26-02 Journey – Cisco’s USPS-Ready Portfolio
By transforming the network into a sensor, agencies can do more than support compliance requirements. They can build a foundation for zero trust, continuous discovery, and mission resilience in an evolving threat landscape.