Executive Gov
  • Home
  • Acquisition & Procurement
  • Agencies
    • DoD
    • Intelligence
    • DHS
    • Civilian
    • Space
  • Cybersecurity
  • Technology
  • Awards
  • News
  • About
  • Wash100
  • Contact Us
    • Advertising
    • Submit your news
No Result
View All Result
Executive Gov
  • Home
  • Acquisition & Procurement
  • Agencies
    • DoD
    • Intelligence
    • DHS
    • Civilian
    • Space
  • Cybersecurity
  • Technology
  • Awards
  • News
  • About
  • Wash100
  • Contact Us
    • Advertising
    • Submit your news
No Result
View All Result
Executive Gov
No Result
View All Result
Home Cybersecurity

CISA, NSA Issue Guidance to Strengthen Microsoft Exchange Server Security

by Arthur McMiler
November 3, 2025
in Cybersecurity, DHS, DoD, News
Nick Andersen, an official at CISA. Andersen highlighted the value of cybersecurity practices on Microsoft Exchange servers

Nick Andersen, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency

The Cybersecurity and Infrastructure Security Agency and the National Security Agency, along with global cybersecurity partners, have issued new guidance outlining best practices to secure Microsoft Exchange servers against cyberattacks. 

Table of Contents

    • You might also like
    • VA Names Lee Payne Acting Under Secretary for Health
    • CISA Expects Final CIRCIA Rule in September
    • BAE Systems Lands DOW Funding for Radiation-Hardened Chip Production
  • What Are the Roadmap’s Suggested Cybersecurity Steps?
  • Additional Guardrails Through Zero Trust Principles

You might also like

VA Names Lee Payne Acting Under Secretary for Health

CISA Expects Final CIRCIA Rule in September

BAE Systems Lands DOW Funding for Radiation-Hardened Chip Production

The release is part of an ongoing collaboration between U.S. and allied cybersecurity agencies to counter evolving threats to critical infrastructure and national security, CISA said Thursday.

CISA, NSA Issue Guidance to Strengthen Microsoft Exchange Server Security

Cyber defense driven by artificial intelligence will be among the topics for discussion at the Potomac Officers Club’s 2025 Homeland Security Summit on Nov. 12. Book your seat now for this Nov. 12 conference, with top representatives from industry and government agencies set to exchange views on building a resilient homeland security enterprise.

The 15-page document, titled Microsoft Exchange Server Security Best Practices, expands on CISA’s earlier Emergency Directive 25-02 and provides technical recommendations for organizations using on-premises Exchange or hybrid environments.

What Are the Roadmap’s Suggested Cybersecurity Steps?

The guidance urges organizations to enforce a prevention posture, emphasizing principles such as least privilege, deny-by-default and timely patching. It calls for maintaining regular security updates and enabling Microsoft’s Emergency Mitigation Service to reduce system vulnerabilities.

It also recommends applying security baselines across Exchange servers, operating systems and mail clients to maintain consistent configurations and quickly identify deviations. Agencies, such as the Defense Information Systems Agency, the Center for Internet Security and Microsoft, have published baseline templates that network administrators can follow.

The document further suggests enabling built-in protections, including Microsoft Defender Antivirus, Antimalware Scan Interface, Attack Surface Reduction, AppLocker and Exchange’s own anti-spam and anti-malware tools.

Additional Guardrails Through Zero Trust Principles

Additional measures—such as restricting administrative access, implementing multifactor authentication, enforcing transport security and adopting zero-trust principles—can further strengthen defenses, according to the guidance. CISA and NSA also warned that some Exchange Server versions have reached end-of-life and urged organizations to take proactive steps to mitigate associated risks.

“With the threat to Exchange servers remaining persistent, enforcing a prevention posture and adhering to these best practices is crucial for safeguarding our critical communication systems,” said Nick Andersen, executive assistant director for CISA’s cybersecurity division. “This guidance empowers organizations to proactively mitigate threats, protect enterprise assets and ensure the resilience of their operations,” the agency official stressed. 

Stay connected via Google News
Follow us for the latest travel updates and guides.
Add as preferred source on Google
Share5Tweet19

Recommended For You

VA Names Lee Payne Acting Under Secretary for Health

by Jane Edwards
July 8, 2026
Lee Payne. The VA deputy under secretary for health has been named the department’s acting under secretary.

VA Acting Under Secretary for Health Lee Payne has led EHR modernization effortsPayne brings more than 30 years of military healthcare leadershipThe 2026 Healthcare Summit will examine federal...

Read moreDetails

CISA Expects Final CIRCIA Rule in September

by Jane Edwards
July 8, 2026
Cybersecurity and Infrastructure Security Agency logo. CISA expects to issue the final rule implementing CIRCIA in September.

CIRCIA reporting requirements are nearing implementationMore federal cyber rules are expected this fallThe 2026 Homeland Security Summit will explore AI, cyber defense and moreThe Department of Homeland Security's...

Read moreDetails

BAE Systems Lands DOW Funding for Radiation-Hardened Chip Production

by Miles Jamison
July 8, 2026
Michael Cadenazzi. The DOW assistant secretary discussed the investment in BAE Systems to expand RHM production.

The investment will expand domestic production of radiation-hardened microelectronics for defense applicationsBAE Systems will restore its RH45 Storefront to support trusted chip manufacturingThe effort is intended to strengthen...

Read moreDetails

Army Launches xTech Competition for Low-Cost Interceptors

by Miles Jamison
July 8, 2026
Daniel Driscoll. The Army secretary discusses the xTech|Apex Intercept competition for low-cost interceptor development.

The Army aims to accelerate the development of low-cost interceptor technologiesThe xTech|Apex Intercept Competition targets innovations in interceptors, rocket motors, seekers and fire controlThe initiative supports the Army's...

Read moreDetails

US Navy Seeks Industry Input for Next Generation Undersea Security Initiative

by Jamie Bennet
July 8, 2026
U.S. Navy. The Navy's Strategic Systems Programs issued a sources sought notice for its next-gen undersea security project.

The U.S. Navy Strategic Systems Programs has released a sources sought notice to support its Next Generation Undersea Security InitiativeNG-USI has 22 focus areas, ranging from signal mitigation...

Read moreDetails
Sign Up For Our Newsletter
Subscribe to our mailing list to receives daily updates direct to your inbox!
Invalid email address
Your privacy is guranteed.
Thanks for subscribing!

Sponsors

About ExecutiveGov

ExecutiveGov, published by Executive Mosaic, is a site dedicated to the news and headlines in the federal government. ExecutiveGov serves as a news source for the hot topics and issues facing federal government departments and agencies such as Gov 2.0, cybersecurity policy, health IT, green IT and national security. We also aim to spotlight various federal government employees and interview key government executives whose impact resonates beyond their agency.

CATEGORIES

  • Acquisition & Procurement
  • Announcements
  • Articles
  • Artificial Intelligence
  • Awards
  • Big Data & Analytics News
  • C4ISR
  • Civilian
  • Cloud
  • Contract Awards
  • Cybersecurity
  • Defense And Intelligence
  • Defense Security Cooperation
  • DHS
  • Digital Assets
  • Digital Modernization
  • DoD
  • Events
  • Executive Moves
  • Executive Spotlights
  • Federal Civilian
  • Financial Reports
  • Foreign Military Sales
  • General News
  • GovCon Expert
  • Government Cloud
  • Government Technology
  • GSA
  • Healthcare IT
  • Industry News
  • Intelligence
  • Legislation
  • M&A Activity
  • National Security
  • News
  • Policy Updates
  • Press Releases
  • Profiles
  • Space
  • Videos
  • Wash100
Sign Up For Our Newsletter
Subscribe to our mailing list to receives daily updates direct to your inbox!
Invalid email address
Your privacy is guranteed.
Thanks for subscribing!

Copyright 2026 Executive Mosaic. All Rights Reserved.

No Result
View All Result
  • Home
  • Acquisition & Procurement
  • Agencies
    • DoD
    • Intelligence
    • DHS
    • Civilian
    • Space
  • Cybersecurity
  • Technology
  • Awards
  • News
  • About
  • Wash100
  • Contact Us
    • Advertising
    • Submit your news

Copyright 2026 Executive Mosaic. All Rights Reserved.

Get your free GovCon news!

Get your latest GovCon news and insights. Become a VIP and subscribe to the GovConWire Daily News.

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
Thanks for subscribing!