61 F
Washington D.C.
Friday, April 12, 2024

NSA and CISA Advise on Top Ten Cybersecurity Misconfigurations

There illustrate a trend of systemic weaknesses in several large organizations and the importance of software manufacturers embracing secure-by-design principles.

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity misconfigurations found in large organizations’ networks. The CSA details tactics, techniques, and procedures (TTPs) that cyber actors could use to compromise these networks, as well as mitigations to defend against this threat.

The report includes information from NSA and CISA Red and Blue team assessments, as well as activities of NSA and CISA Hunt and Incident Response teams. These teams have assessed the security posture of many networks across the Department of Defense (DoD), Federal Civilian Executive Branch (FCEB), state, local, tribal, and territorial (SLTT) governments, and the private sector.

As indicated in the CSA, these most common misconfigurations illustrate a trend of systemic weaknesses in several large organizations and the importance of software manufacturers embracing secure-by-design principles to reduce the risk of compromise.

Some of the misconfigurations mentioned in the CSA include default configurations of software and applications, weak or misconfigured multifactor authentication (MFA) methods, and unrestricted code execution.

NSA and CISA encourage network defenders and software manufacturers to implement the recommendations found within the Mitigations section of this advisory to reduce the risk of compromise. The agencies also recommend network owners and operators examine their networks for similar misconfigurations even when running other software not specifically mentioned in the advisory.

Read the full report here.

Read more at NSA

author avatar
Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles