Provide Feedback to Help Improve Federal Cloud Cybersecurity

As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) recently launched the Secure Cloud Business Applications (SCuBA) project that was funded through the American Rescue Plan Act of 2021. The project was established to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments.  

Recently, CISA announced it has published a series of security configuration baselines for Microsoft 365 (M365) as a part of the Secure Cloud Business Applications (SCuBA) project, which collectively will help agencies adopt necessary security and resilience practices when utilizing cloud services. The CISA M365 SCBs build on previous security configuration baselines developed by the Federal Chief Information Officers Council’s Cyber Innovation Tiger Team (CITT).   

These baseline documents were developed to assist federal agencies in rapidly assessing their M365 services, specifically these eight: Microsoft Teams, SharePoint, Power Platform, Power BI, OneDrive for Business, Exchange Online, Defender for Office 365 and Azure Active Directory.  

While these documents are principally intended for use by federal agencies, CISA recommends that all organizations utilizing cloud services review the M365 security configuration baseline documents and implement practices therein where appropriate. 

Until November 24, the eight baseline products are open for public comment. We encourage you to review them and provide feedback because we want to ensure our guidance enables the best flexibility to keep pace with evolving technologies and capabilities and protect the federal enterprise. Comments should be submitted to: QSMO@CISA.dhs.gov.