
US government urges federal agencies to patch Microsoft 365 now


  • CISA issues BOD 25-01, the first binding directive of the year
  • It addresses Microsoft 365 security, which is under threat
  • Other cloud providers will be added soon, as well

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its first binding operational directive for 2025, which includes a set of rules and requirements to make sure the Microsoft 365 cloud environments meet its cybersecurity standards.

BOD 25-01 is mandatory for all Federal Civilian Executive Branch (FCEB) systems and assets, but CISA advises enterprises in the private sector to follow along, as well.

It revolves around deploying a custom automated configuration assessment tool (ScubaGear for Microsoft 365 audits), integrating with CISA’s continuous monitoring infrastructure, and then fixing any deviations from the list of required secure configuration baselines (SCB).

Mandatory policies

“Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services,” CISA said.

“This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.”

Here is what CISA demands FCEB organizations do:

– Identify all cloud tenants within the scope of this Directive by February 21, 2025.
– Deploy all SCuBA assessment tools for in-scope cloud tenants no later than Friday, April 25, 2025.
– Implement all mandatory SCuBA policies effective as of the Directive’s issuance no later than Friday, June 20, 2025.
– Implement all future updates to mandatory SCuBA policies.
– Implement all mandatory SCuBA Secure Configuration Baselines.

The list of all mandatory policies can be found on the Required Configurations website. At press time, it included secure configuration baselines for Microsoft 365, Azure Active Directory / Entra ID, Microsoft Defender, Exchange Online, Power Platform, SharePoint Online & OneDrive, and Microsoft Teams.

Google and other cloud platforms are set to follow in the coming months.

CISA also has a list of mandatory actions; you can read more about those here.

Via BleepingComputer


https://www.techradar.com/pro/security/us-government-urges-federal-agencies-to-patch-microsoft-365-now

