In April, CISA announced the Secure Cloud Business Applications (SCuBA) project to help secure federal civilian executive branch (FCEB) information assets stored within cloud environments through consistent, effective, modern, and manageable security configurations. Today, we are excited to announce the latest contribution of the SCuBA project: a series of recommended security configuration baselines for Microsoft 365 (M365). These baselines will kick off a series of pilot efforts to advance cloud security practices across the FCEB and more effectively safeguard sensitive information and government services.
These baselines benefitted from foundational work from a consortium of security experts across the FCEB, called the Federal Chief Information Officers Council’s Cyber Innovation Tiger Team (CITT), and will help agencies align their cloud environments with federal security mandates and cybersecurity best practices.