We now have a greater understanding of exactly what the Department of Homeland Security’s ban against Kaspersky Labs products means after the department published its directive in the Federal Register on Tuesday.
DHS ordered the removal of Kaspersky products from federal networks last week within the next 90 days. The ban, however, leaves out a big hole for the Department of Defense and the U.S. intelligence community, which are unaffected by the directive.
The binding operational directive, obtained by CyberScoop on Monday, lays out exactly which products are banned and which are exempt, but it “does not address Kaspersky code embedded in the products of other companies,” CyberScoop’s Patrick Howell O’Neill reports.
That could potentially refer to Kaspersky products being used in other companies’ products, which are used widely across Pentagon and civilian agencies. Kaspersky is a multi-national company with a wide array of products, with many agencies harnessing tech that uses Kaspersky Cloud Security for enterprise.
It’s not yet clear how many machines the directive will impact, but DHS should know within the next 30 days when agencies are required to submit a report outlining the full list of Kaspersky-branded products found on agency information systems, how many endpoints are impacted and the methodologies used to find the products.
The full list of Kaspersky products banned by the DHS directive are:
- Kaspersky Anti-Virus
- Kaspersky Internet Security
- Kaspersky Total Security
- Kaspersky Small Office Security
- Kaspersky Anti Targeted Attack
- Kaspersky Endpoint Security
- Kaspersky Cloud Security (Enterprise)
- Kaspersky Cybersecurity Services
- Kaspersky Private Security Network
- Kaspersky Embedded Systems Security