The US Cybersecurity and Infrastructure Security Agency has added SFA to a rather short list of cybersecurity bad practices