US Federal agencies have told Microsoft to address issues in its security practices, warning the company that it may be excluded from future government contracts if it does not do so. A memo from the Cybersecurity and Infrastructure Security Agency (CISA) and the General Services Administration (GSA) cites concerns about vulnerabilities in Microsoft’s cloud products, as well as its track record on patching vulnerabilities.
Why it matters: The US is increasingly worried about cyberattacks from Russia and China, and, instead of prodding businesses to adopt security requirements, the federal government is setting baseline cybersecurity requirements for tech companies to follow.
- Following an announcement that possible sensitive employee information was leaked from Pentagon servers supported by Microsoft, the company is in hot water. CISA director Jen Easterly criticized Microsoft’s “disappointing” number of users with two-factor authentication.
- Apple, on the other hand, has incorporated baseline security measures by default in many of its products, a move Easterly praised.
- Microsoft is committed to addressing the issues raised in CISA’s memo and is working closely with the agencies to improve its security posture.