• US government urges federal agencies to patch Microsoft 365 now

    From TechnologyDaily@1337:1/100 to All on Wednesday, December 18, 2024 19:15:05
    US government urges federal agencies to patch Microsoft 365 now

    Date:
    Wed, 18 Dec 2024 19:05:00 +0000

    Description:
    First binding CISA directive of 2025 addresses Microsoft 365 issues

    FULL STORY ======================================================================CISA issues BOD 25-01, the first binding directive of the year It addresses Microsoft 365 security, which is under threat Other cloud providers will be added soon, as well

    The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its first binding operational directive for 2025, which includes a set of rules and requirements to make sure the Microsoft 365 cloud environments meet its cybersecurity standards.

    BOD 25-01 is mandatory for all Federal Civilian Executive Branch (FCEB) systems and assets, but CISA advises enterprises in the private sector to follow along, as well.

    It revolves around deploying a custom automation configuration assessment
    tool (ScubaGear for Microsoft 365 audits), integrating with CISAs continuous monitoring infrastructure, and then fixing any deviations from the list of required secure configuration baselines (SCB). Mandatory policies

    "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services," CISA said.

    "This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA's Secure Cloud Business Applications (SCuBA) secure configuration baselines."

    Here is what CISA demands FCEB organizations do:

    - Identify all cloud tenants within the scope of this Directive by February 21, 2025.
    - Deploy all SCuBA assessment tools for in-scope cloud tenants no later than Friday, April 25, 2025
    - Implement all mandatory SCuBA policies effective as of the Directives issuance no later than Friday, June 20, 2025
    - Implement all future updates to mandatory SCuBA policies
    - Implement all mandatory SCuBA Secure Configuration Baselines

    The list of all mandatory policies can be found on the Required
    Configurations website . At press time, it included secure configuration baselines for Microsoft 365, Azure Active DIrectory / Entra ID, Microsoft Defender, Exchange Online, Power Platform, SharePoint Online & OneDrive, and Microsoft Teams.

    Google and other cloud platforms are set to follow in the coming months.

    CISA also has a list of mandatory actions, you can read more about those here .

    Via BleepingComputer You might also like Sneaky malware abuses CAPTCHA to bypass browser protections Here's a list of the best antivirus These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-urges-federal-agencies-to -patch-microsoft-365-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)