Cyber Security News

CISA Releases Secure Practices for Microsoft 365 Cloud Services

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services, to enhance the cybersecurity posture of Federal Civilian Executive Branch (FCEB) agencies utilizing cloud services, including Microsoft 365.

This directive, unveiled on December 17, 2024, introduces a set of Secure Configuration Baselines and assessment tools under the Secure Cloud Business Applications (SCuBA) project.

A Blueprint for Secure Cloud Practices

The SCuBA configurations mandate consistent and effective security protocols tailored for cloud environments.

The directive requires FCEB agencies to meet these Secure Cloud Baselines, deploy automated compliance assessment tools, and remediate deviations.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Agencies adopting the most up-to-date version of the SCuBA Assessment Tool can efficiently evaluate their security configurations, generating a report identifying non-compliance areas.

Microsoft 365, a cornerstone of cloud productivity for many government agencies, is among the platforms covered under this directive.

SCuBA’s baseline configurations ensure agencies maintain robust security for email, collaboration, and file-sharing services, reducing vulnerabilities and preventing cyber threats from exploiting them.

Although BOD 25-01 is mandatory for federal agencies under the FCEB umbrella, CISA strongly encourages broader adoption across other organizations.

By implementing the SCuBA guidelines and assessment tools, stakeholders can bolster their cybersecurity defenses, reduce risk, and contribute to collective resilience in the face of increasingly sophisticated cyber threats.

CISA’s guidance comes amidst growing concerns over cyberattacks targeting cloud services, which are critical to modern operations.

Effective configuration management and regular assessments, as outlined in SCuBA, are key to mitigating these risks.

Agencies and organizations can visit CISA’s webpage to download the SCuBA Assessment Tool and access step-by-step instructions for compliance.

This ensures seamless implementation of the configurations necessary to secure Microsoft 365 and other cloud platforms.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware

Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify a…

28 minutes ago

Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace

Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability…

31 minutes ago

Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing…

33 minutes ago

BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes

BADBOX is a cybercriminal operation infecting Android devices like TV boxes and smartphones with malware…

40 minutes ago

Europol Details on How Cyber Criminals Exploit legal businesses for their Economy

Europol has published a groundbreaking report titled "Leveraging Legitimacy: How the EU’s Most Threatening Criminal Networks…

56 minutes ago

CISA Proposes National Cyber Incident Response Plan

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National…

2 hours ago