From b38a94f1acb239af3c393c7aeb91021f99f9e25f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 23 Dec 2021 16:10:42 -0500 Subject: [PATCH] Add CISA rec mitigation guidance --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e98353c..740ba3c 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ When updates are available, agencies must update software using Log4j to the new - Disable Log4j library. Disabling software using the Log4j library is an effective measure, favoring controlled downtime over adversary-caused issues. This option could cause operational impacts and limit visibility into other issues. - Disable JNDI lookups or disable remote codebases. This option, while effective, may involve developer work and could impact functionality. -- Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically lower risk from attack. Consider temporarily disconnecting the stack from agency networks. +- Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically lower risk from attack. Consider temporarily disconnecting the stack from agency networks. - Isolate the system. Create a “vulnerable network” VLAN and segment the solution stack from the rest of the enterprise network. - Deploy a properly configured Web Application Firewall (WAF) in front of the solution stack. Deploying a WAF is an important, but incomplete, solution. While threat actors will be able to bypass this mitigation, the reduction in alerting will allow an agency SOC to focus on a smaller set of alerts. - Apply micropatch. There are several micropatches available. They are not a part of the official update but may limit agency risk.
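Review bot: The subject line "Add CISA rec mitigation guidance" does not match what this hunk changes. The only touched line is the "Disconnect affected stacks. Solution stacks not connected to agency networks..." bullet, and the removed and added versions read identically in the visible text (the stat line confirms exactly 1 insertion and 1 deletion), so the change appears to be a trailing-whitespace cleanup rather than new mitigation guidance. Either the intended guidance was not staged and should be added to this commit, or the commit message should be amended to say it is a whitespace fix, so the README history stays accurate for readers tracking the Log4j mitigation options.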