[CDP-development] Request for Comment: CISA Releases Microsoft 365 Security Configuration Baselines

Masse, Theresa theresa.masse at cisa.dhs.gov
Thu Oct 20 07:48:16 PDT 2022 

FYSA

As the nation's cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) recently launched the Secure Cloud Business Applications (SCuBA) project that was funded through the American Rescue Plan Act of 2021<https://www.whitehouse.gov/briefing-room/legislation/2021/01/20/president-biden-announces-american-rescue-plan/>. The project was established to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments.

Today, CISA announced<https://www.cisa.gov/blog/2022/10/20/scuba-dives-deeper-help-federal-agencies-secure-their-cloud-environments-publishes> it has published a series of security configuration baselines for Microsoft 365 (M365) as a part of the Secure Cloud Business Applications (SCuBA) project, which collectively will help agencies adopt necessary security and resilience practices when utilizing cloud services. The CISA M365 SCBs build on previous security configuration baselines developed by the Federal Chief Information Officers Council's Cyber Innovation Tiger Team (CITT).



These baseline documents were developed to assist federal agencies in rapidly assessing their M365 services, specifically these eight: Microsoft Teams, SharePoint, Power Platform, Power BI, OneDrive for Business, Exchange Online, Defender for Office 365 and Azure Active Directory.



While these documents are principally intended for use by federal agencies, CISA recommends that all organizations utilizing cloud services review the M365 security configuration baseline documents and implement practices therein where appropriate.



Until November 24, the eight baseline products are open for public comment<https://github.com/cisagov/ScubaGear>. We encourage you to review them and provide feedback because we want to ensure our guidance enables the best flexibility to keep pace with evolving technologies and capabilities and protect the federal enterprise. Comments should be submitted to: QSMO at CISA.dhs.gov<mailto:QSMO at CISA.dhs.gov>.



We look forward to receiving and reviewing your feedback on this important effort to improve federal cloud cybersecurity.


Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image001.png at 01D8E458.2FDC6EA0]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221020/8e63fae2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16152 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221020/8e63fae2/attachment-0001.png>

More information about the CDP-development mailing list