The Federal Risk and Authorization Management Program has recommended that cloud service providers review the Cybersecurity and Infrastructure Security Agency’s latest binding operational directive to mitigate risks from misconfigured management interfaces.
BOD 23-02, titled “Mitigating the Risk from Internet-Exposed Management Interfaces,” requires agencies to reduce the vulnerability of federal devices to cyberattacks caused by improperly configured network devices, FedRAMP said Friday.
The CISA directive applies to devices that reside on or support federal information systems and networks or “devices for which the management interfaces are using network protocols for remote management over public internet.”
While the directive does not apply to web applications and interfaces used for managing CSP offerings, FedRAMP recommends that cloud companies follow the best practices outlined in the directive.