Add CISA rec mitigations

README.md

@@ -36,26 +36,40 @@ National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.
 
 ## Mitigation Guidance ##
 
-When updates are available, agencies must update software using Log4j to the newest version, 
+When updates are available, agencies must update software 
-which is the most effective and manageable long-term option. Where updating is not possible, 
+using Log4j to the newest version, which is the most 
-the following mitigating measures can be considered as a temporary solution and apply to the 
+effective and manageable long-term option. Where 
-entire solution stack.
+updating is not possible, the following mitigating 
+measures can be considered as a temporary solution 
+and apply to the entire solution stack.
 
-- Disable Log4j library. Disabling software using the Log4j library is an effective measure, 
+- **Disable Log4j library.** Disabling software using the 
-favoring controlled downtime over adversary-caused issues. This option could cause operational 
+Log4j library is an effective measure, favoring 
-impacts and limit visibility into other issues.
+controlled downtime over adversary-caused issues. 
-- Disable JNDI lookups or disable remote codebases. This option, while effective, may involve 
+This option could cause operational impacts and limit 
+visibility into other issues.
+- **Disable JNDI lookups or disable remote codebases.** 
+This option, while effective, may involve 
 developer work and could impact functionality.
-- Disconnect affected stacks. Solution stacks not connected to agency networks pose a dramatically 
+- **Disconnect affected stacks.** Solution stacks not 
-lower risk from attack. Consider temporarily disconnecting the stack from agency networks.
+connected to agency networks pose a dramatically 
-- Isolate the system. Create a “vulnerable network” VLAN and segment the solution stack from the 
+lower risk from attack. Consider temporarily 
+disconnecting the stack from agency networks.
+- **Isolate the system.** Create a “vulnerable network” 
+VLAN and segment the solution stack from the 
 rest of the enterprise network.
-- Deploy a properly configured Web Application Firewall (WAF) in front of the solution stack. 
+- **Deploy a properly configured Web Application 
-Deploying a WAF is an important, but incomplete, solution. While threat actors will be able to 
+Firewall (WAF) in front of the solution stack.** 
-bypass this mitigation, the reduction in alerting will allow an agency SOC to focus on a smaller 
+Deploying a WAF is an important, but incomplete, 
+solution. While threat actors will be able to 
+bypass this mitigation, the reduction in alerting 
+will allow an agency SOC to focus on a smaller 
 set of alerts.
-- Apply micropatch. There are several micropatches available. They are not a part of the official 
+- **Apply micropatch.** There are several micropatches 
-- update but may limit agency risk.
+available. They are not a part of the official 
+update but may limit agency risk.
+- Report incidents promptly to CISA and/or the FBI 
+[here](https://www.cisa.gov/uscert/report).
 
 For more information regarding CISA recommended mitigation measures please visit 
 [here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures).