Check out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchmarks; and local and state governments’ cyber challenges.
Dive into six things that are top of mind for the week ending Dec. 20.
1 – CISA issues cloud security mandate for federal agencies
To boost its cloud security, the U.S. government this week released a set of cybersecurity actions that federal civilian agencies will be required to take during the first half of 2025 — mostly focused on applying secure configuration baselines to their cloud apps.
The mandate to secure cloud environments comes via the Binding Operational Directive (BOD) 25-01 — titled “Implementing Secure Practices for Cloud Services” — from the Cybersecurity and Infrastructure Security Agency (CISA).
“Malicious threat actors are increasingly targeting cloud environments and evolving their tactics to gain initial cloud access. The actions required by agencies in this Directive are an important step in reducing risk to the federal civilian enterprise,” CISA Director Jen Easterly said in a statement.
The guidance, while applicable only to U.S. federal civilian agencies, can be helpful to all organizations in the public and private sectors, Easterly added. Its foundation is CISA’s Secure Cloud Business Applications (SCuBA) project, which offers recommendations for hardening the configuration of cloud services.
These are the directive’s cloud sec
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: