CISA Solicits Public Comments on Microsoft 365 Security Configuration Baselines

The Cybersecurity and Infrastructure Security Agency is seeking feedback on eight Microsoft 365 security configuration baselines for the cloud security pilots of federal agencies. CISA released the baselines as part of its Secure Cloud Business Applications project, which was established under the American Rescue Plan Act of 2021 and the fiscal 2021 National Defense Authorization Act to help agencies protect sensitive data. Comments on the baselines may be submitted until Nov. 24, FedScoop reported.

According to CISA, the provided recommendations aim to enhance the security of cloud business application environments of federal civilian agencies through additional configurations, settings and security products.

The Federal Chief Information Officers Council’s Cyber Innovation Tiger Team, a consortium of security experts, was responsible for developing the foundational work on the baselines. “We have worked hard to closely align these baselines with zero trust tenets and principles,” said Sean Connelly, senior cyber architect at CISA.

The agency will also release recommended cybersecurity architectures for Google Workspace in the coming months.

Speaking at the CyberTalks event on Thursday, Alice Fakir, account partner for federal security services at IBM, said the SCuBA project will help vendors develop services and products that better address the security needs of the government. She also highlighted how partnerships with the industry can help create multiple versions of the technical reference architecture.

“If there was something I’d like to add and see more of it’s more engagement and collaboration with the government, CISA specifically, and being able to build out additional proofs of concept around these things,” Fakir said.