CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1

06/28/2022 02:51 PM EDT

Original release date: June 28, 2022

CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity”. Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Auth before October 1 and enable MFA.
 
CISA recommends all organizations review Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation and prioritize moving to Modern Auth. For more information, CISA recommends reviewing Microsoft’s Deprecation of Basic Authentication in Exchange Online documentation and the associated Exchange Team blog post, Basic Authentication Deprecation in Exchange Online.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability

05/31/2022 11:11 AM EDT

Original release date: May 31, 2022

Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround. 

CISA Joins Partners to Release Advisory on Protecting MSPs and their Customers

05/11/2022 07:00 AM EDT

Original release date: May 11, 2022

The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States have released a joint Cybersecurity Advisory (CSA), Protecting Against Cyber Threats to Managed Service Providers and their Customers, to provide guidance on how to protect against malicious cyber activity targeting managed service providers (MSPs) and their customers. The CSA—created in response to reports of increased activity against MSPs and their customers—provides specific guidance for both MSPs and customers aimed at enabling transparent discussions on securing sensitive data. The CSA also provides tactical actions for MSPs and customers, including:

  • Identify and disable accounts that are no longer in use.
  • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
  • Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.

CISA urges organizations to review the joint CSA and take actions to strengthen their defenses against malicious cyber activity.  

CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment

04/18/2022 09:21 PM EDT

Original release date: April 18, 2022 | Last revised: April 19, 2022

CISA has released draft versions of two guidance documents, along with a request for comment (RFC), that are a part of the recently launched Secure Cloud Business Applications (SCuBA) project:

  • Secure Cloud Business Applications (SCuBA) Technical Reference Architecture (TRA) 
  • Extensible Visibility Reference Framework (eVRF) Program Guidebook 

The public comment period for the RFC guidance documents closes on May 19, 2022.

In accordance with Executive Order 14028, which is aimed at improving security for federal government networks, CISA’s SCuBA project aims to develop consistent, effective, modern, and manageable security that will help secure agency information assets stored within cloud operations.  

CISA encourages interested parties to review the SCuBA documents and provide comment. 
See CISA Blog: SCuBA? It means better visibility, standards, and security practices for government cloud for more information and for links to the RFC guidance documents. 

Guidance on Sharing Cyber Incident Information

04/07/2022 04:53 PM EDT

Original release date: April 7, 2022

CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity.  

CISA uses this information from partners to build a common understanding of how adversaries are targeting U.S. networks and critical infrastructure sectors. This information fills critical information gaps and allows CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.  Click the fact sheet link to learn more and visit our Shields Up site for useful information.

NSA Releases Network Infrastructure Security Guidance

03/03/2022 12:22 PM EST

Original release date: March 3, 2022

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.

CISA encourages network architects, defenders, and administrators to review NSA’s Network Infrastructure Security Guidance as well as CISA’s recently published Layering Network Security Through Segmentation infographic for assistance in hardening networks against cyber threats.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine

02/26/2022 10:00 AM EST

Original release date: February 26, 2022

CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. 

Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats. 

CISA recommends organizations review Destructive Malware Targeting Organizations in Ukraine and the Shields Up Technical Guidance webpage for more information.

CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0

01/20/2022 09:51 AM EST

Original release date: January 20, 2022

CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021. See the fact sheet Response to Comments on Guidance: IPv6 Considerations for TIC 3.0 for a comprehensive analysis of comments received. This release is in accordance with Office of Management and Budget (OMB) Memorandum 21-07, which entrusts CISA with enhancing the TIC program to support IPv6 implementation in federal IT systems.

CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review the Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0 for guidance in facilitating IPv6 implementation in federal IT systems.

CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities

Original release date: December 17, 2021

CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability, directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228.

Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations review ED 22-02 for mitigation guidance. For additional details, see CISA’s webpage Apache Log4j Vulnerability Guidance.

NSA and CISA Release Final Part IV of Guidance on Securing 5G Cloud Infrastructures

12/16/2021 03:11 PM EST

Original release date: December 16, 2021

CISA has announced the joint National Security Agency (NSA) and CISA publication of the final part of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses on platform integrity, microservices infrastructure integrity, launch time integrity, and build time security to ensure that 5G cloud resources are not modified without authorization. This series was published under the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA.

CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations. See CISA’s 5G Security and Resilience webpage for more information.
