The Cybersecurity and Infrastructure Security Agency (CISA) this week directed federal civilian agencies to bolster awareness of the network addressable internet protocol assets on their networks and list the suspected cyber vulnerabilities on those assets.

The Binding Operational Directive (23-01) is mandatory for federal civilian executive branch, although CISA recommends that private sector entities take the same measures.

“Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets,” CISA Director Jen Easterly said in a statement. “Knowing what’s on your network is the first step for any organization to reduce risk.”

CISA doesn’t prescribe how agencies should go about asset and vulnerability discovery but is offering its assistance to baseline current asset management capabilities and provide technical and program assistance to help fulfill actions required in the directive.

Federal agencies have six months to implement the directive.