For a while, it was just a recommendation. Now it’s mandatory.
Federal civilian agencies were ordered to secure their Microsoft cloud systems after several recent cyber incidents.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by the agency’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.
Since April 2022, CISA has used the SCuBA project to provide guidance and capabilities to secure federal agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments.
The push to make it mandatory is new and CISA warned of recent incidents that have shown attackers can use misconfigurations and weak security controls to steal data and disrupt services.
Read more from The Record.