It is one of the most urgent steps taken by the Biden administration to resolve the bug in so-called Log4J software, which US officials said this week could affect hundreds of millions of devices around the world.
CISA officials said this week that no federal agencies have been hacked using the vulnerability, but the emergency order is an attempt to secure it by collecting much more data on federal agencies̵[ads1]7; exposure to the problem.
Major technology companies from Amazon Web Services to IBM have run to address the vulnerability of their products and published guidance on how to fix the bug for their customers.
The order goes further than a previous CISA directive as it requires agencies to address instances of Log4J that are not only directly exposed to the internet, but can be deeper in agency networks.
On Wednesday night, the US Patent and Trademark Office closed the night to remote access to its computer systems for 12 hours due to “serious and time-sensitive concerns” about the vulnerability.
The Pentagon is taking “rapid action right now to identify and mitigate Log4J vulnerabilities by monitoring malicious cyber-activity and targeting potential exploitation,” said Press Secretary John Kirby on Friday.
The Pentagon, he added, continues to “work with the Cybersecurity and Infrastructure Security Agency, CISA, on a comprehensive response from the authorities.”
This story has been updated with further details on Friday.
CNN’s Michael Conte contributed to this report.