The Cybersecurity and Infrastructure Security Agency has released a set of recommended security configuration baselines for Microsoft 365 to guide cloud security projects across the federal government.
The baselines were released as part of the Secure Cloud Business Applications project launched in April to secure sensitive federal information assets stored in the cloud, according to Michael Duffy, associate director at CISA.
Federal civilian executive branch agencies are encouraged to pilot the recommended Microsoft 365 security configuration baselines and submit feedback to CISA.
SCuBA developed the baselines based on the foundational work of the Federal Chief Information Officers Council’s Cyber Innovation Tiger Team, a consortium of security experts from the government.
The project is scheduled to release another set of security configuration baselines for Google Workspace in the coming months to help agencies build up their network security practices.