US government urges federal agencies to patch Microsoft 365 now
techradar.com- CISA issues BOD 25-01, the first binding directive of the year
- It addresses Microsoft 365 security, which is under threat
- Other cloud providers will be added soon, as well
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its first binding operational directive for 2025, which includes a set of rules and requirements to make sure the Microsoft 365 cloud environments meet its cybersecurity standards.
BOD 25-01 is mandatory for all Federal Civilian Executive Branch (FCEB) systems and assets, but CISA advises enterprises in the private sector to follow along, as well.
It revolves around deploying a custom automation configuration assessment tool (ScubaGear for Microsoft 365 audits), integrating with CISA’s continuous monitoring infrastructure, and then fixing any deviations from the list of required secure configuration baselines (SCB).
Mandatory policies
"Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE