PRESS RELEASE
WASHINGTON – The Cybersecurity and Infrastructure Safety Company (CISA) right now issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal info and knowledge methods. This Directive requires federal civilian companies to establish particular cloud tenants, implement evaluation instruments, and align cloud environments to CISA’s Safe Cloud Enterprise Purposes (SCuBA) safe configuration baselines.
Latest cybersecurity incidents spotlight the numerous dangers posed by misconfigurations and weak safety controls, which attackers can use to realize unauthorized entry, exfiltrate information, or disrupt companies. As a part of CISA and the broad U.S. authorities’s effort to maneuver the federal civilian enterprise to a extra defensible posture, this Directive will additional scale back the assault floor of the federal authorities networks.
“Malicious risk actors are more and more focusing on cloud environments and evolving their techniques to realize preliminary cloud entry. The actions required by companies on this Directive are an vital step in lowering danger to the federal civilian enterprise,” mentioned CISA Director Jen Easterly. “Whereas this Directive solely applies to federal civilian companies, the risk to cloud environments extends to each sector. We urge all organizations to undertake this steerage. In relation to lowering cyber danger and making certain resilience, all of us have a job to play.”
As federal civilian companies implement this mandate, CISA will monitor and assist company adherence and supply extra assets as required. CISA is dedicated to utilizing its cybersecurity authorities to realize higher visibility and drive well timed danger discount throughout federal civilian companies.
The brand new Directive might be discovered at Binding Operational Directive (BOD) 25-01. To study extra about CISA Directives, go to Cybersecurity Directives webpage.
Source link