Security News > 2023 > October > NSA and CISA reveal top 10 cybersecurity misconfigurations
The National Security Agency and the Cybersecurity and Infrastructure Security Agency revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.
"These teams have assessed the security posture of many networks across the Department of Defense, Federal Civilian Executive Branch, state, local, tribal, and territorial governments, and the private sector," the NSA said.
NSA and CISA also encourage network defenders to implement the recommended mitigation measures to reduce the risk of attackers exploiting these common misconfigurations.
Besides applying the outline mitigations, NSA and CISA recommend "Exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework" in today's advisory.
The two federal agencies also advise testing existing security controls inventory to assess their performance against the ATT&CK techniques described in the advisory.
CISA offers free security scans for public water utilities.