CISA Issues BOD 25-01, Implementing Secure Practices for Cloud Services

Today, CISA issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business Applications (SCuBA) secure configuration baselines. 
Recent cybersecurity incidents highlight the significant risks posed by misconfigurations a