PRESS RELEASE
WASHINGTON – The Cybersecurity and Infrastructure Safety Company (CISA) right now issued Binding Operational Directive (BOD) 25-01, Implementing Safe Practices for Cloud Providers to safeguard federal data and data methods. This Directive requires federal civilian businesses to establish particular cloud tenants, implement evaluation instruments, and align cloud environments to CISA’s Safe Cloud Enterprise Functions (SCuBA) safe configuration baselines.
Latest cybersecurity incidents spotlight the numerous dangers posed by misconfigurations and weak safety controls, which attackers can use to achieve unauthorized entry, exfiltrate knowledge, or disrupt companies. As a part of CISA and the broad U.S. authorities’s effort to maneuver the federal civilian enterprise to a extra defensible posture, this Directive will additional scale back the assault floor of the federal authorities networks.
“Malicious menace actors are more and more focusing on cloud environments and evolving their techniques to achieve preliminary cloud entry. The actions required by businesses on this Directive are an essential step in lowering threat to the federal civilian enterprise,” mentioned CISA Director Jen Easterly. “Whereas this Directive solely applies to federal civilian businesses, the menace to cloud environments extends to each sector. We urge all organizations to undertake this steering. In terms of lowering cyber threat and making certain resilience, all of us have a task to play.”
As federal civilian businesses implement this mandate, CISA will monitor and help company adherence and supply further sources as required. CISA is dedicated to utilizing its cybersecurity authorities to achieve higher visibility and drive well timed threat discount throughout federal civilian businesses.
The brand new Directive will be discovered at Binding Operational Directive (BOD) 25-01. To be taught extra about CISA Directives, go to Cybersecurity Directives webpage.