In addition, CISA has released supplemental guidance to Emergency Directive (ED) 21-01, providing new information on affected versions, new guidance for agencies using third-party service providers, and additional clarity on required actions.
CISA encourages users and administrators to review the following resources for additional information on the SolarWinds Orion compromise.