びびなび : World : () World

Security Update: CMS Hybrid Cloud Launches the Q3 - 2024 CMS Enterprise Security Campaign








CMS Cloud


CMS Hybrid Cloud Launches the Q3- 2024 CMS Enterprise Security Campaign

________________________________________________________________________



Summary: 

Starting *August 6th, 2024*, the CMS Hybrid Cloud Team will begin the Q3 2024 CMS Enterprise Security Campaign.

Any findings will be tracked via Jira tickets [ https://jiraent.cms.gov/secure/Dashboard.jspa ] and assigned to the respective teams to remediate risks. The Q3 CMS Enterprise Security Campaign is targeting a list of eight (8) Common Vulnerabilities and Exposures (CVEs) sourced from Cybersecurity & Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog.

On *August 21st, 2024*, a new AWS Security Hub GuardRail will be added to prevent reintroduction of certain findings back into the CMS environment.

Benefits

Resolving findings in customers' Jira tickets [ https://jiraent.cms.gov/secure/Dashboard.jspa ] ensures CMS systems remain secure. Participating in proactive, routine security activities, such as this CMS Enterprise Security Campaign, reduces the risk of unauthorized and/or malicious activity.

The CMS Enterprise Security Campaign will target and identify the following CVEs from CISA's KEV catalog:

Targeted Known Exploited Vulnerabilities (KEVs)

*CVE* *Plugin ID* *Description* *Severity*

CVE-2019-17569 [ https://www.tenable.com/cve/CVE-2019-17569 ]

CVE-2020-1935 [ https://www.tenable.com/cve/CVE-2020-1935 ]

CVE-2020-1938 [ https://www.tenable.com/cve/CVE-2020-1938 ]



197843 [ https://www.tenable.com/plugins/nessus/197843 ]



Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities



Critical



CVE-2024-21094 [ https://www.tenable.com/cve/CVE-2024-21094 ]

CVE-2024-21098 [ https://www.tenable.com/cve/CVE-2024-21098 ]

CVE-2024-21892 [ https://www.tenable.com/cve/CVE-2024-21892 ]



193574 [ https://www.tenable.com/plugins/nessus/193574 ]



Oracle Java (Apr 2024 CPU)



Critical



CVE-2024-21068 [ https://www.tenable.com/cve/CVE-2024-21068 ]

CVE-2024-21085 [ https://www.tenable.com/cve/CVE-2024-21085 ]

CVE-2024-21094 [ https://www.tenable.com/cve/CVE-2024-21094 ]



193814 [ https://www.tenable.com/plugins/nessus/193814 ]



Azul Zulu Java Multiple Vulnerabilities (2024-04-16)



Critical



CVE-2023-6931 [ https://www.tenable.com/cve/CVE-2023-6931 ]

CVE-2024-0565 [ https://www.tenable.com/cve/CVE-2024-0565 ]

CVE-2024-1086 [ https://www.tenable.com/cve/CVE-2024-1086 ]



192854 [ https://www.tenable.com/plugins/nessus/192854 ]



RHEL 8: kernel (RHSA-2024:1607)



High



CVE-2024-30049 [ https://www.tenable.com/cve/CVE-2024-30049 ]

CVE-2024-30050 [ https://www.tenable.com/cve/CVE-2024-30050 ]

CVE-2024-30051 [ https://www.tenable.com/cve/CVE-2024-30051 ]



197006 [ https://www.tenable.com/plugins/nessus/197006 ]



KB5037765: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2024)



High



CVE-2023-7101 [ https://www.tenable.com/cve/CVE-2023-7101 ]



197297 [ https://www.tenable.com/plugins/nessus/197297 ]



Spreadsheet::ParseExcel RCE (CVE-2023-7101)



High



CVE-2023-45648 [ https://www.tenable.com/cve/CVE-2023-45648 ]

CVE-2023-46589 [ https://www.tenable.com/cve/CVE-2023-46589 ]

CVE-2024-20903 [ https://www.tenable.com/cve/CVE-2024-20903 ]



189165 [ https://www.tenable.com/plugins/nessus/189165 ]



Oracle Database Server (January 2024 CPU)



Medium



CVE-2023-20867 [ https://www.tenable.com/cve/CVE-2023-20867 ]



177763 [ https://www.tenable.com/plugins/nessus/177763 ]



RHEL 8 : open-vm-tools (RHSA-2023:3949)



Low



"*Note:* "Operating System (OS)-level findings are remediated by the CMS Hybrid Cloud Team for customers who receive regular CMS Gold Image patching services. Please note that CMS customers are responsible for patching any software installed on top of the provided CMS Gold Image.


* For all accounts, CMS Hybrid Cloud will deploy auto-remediation for the following Security Hub controls:
* GuardRails / auto-remediations (Security Hub controls):
* EC2.19 [ https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-19 ] - Security groups should not allow unrestricted access to ports with high risk 

* Security Hub Control for manual ticketing:
* S3.8 [ https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-8 ] - S3 general purpose buckets should block public access

* CMS customer teams with existing findings for these Security Hub controls will receive a Jira ticket.
* Teams will either need to resolve the finding or obtain an exemption [ https://cloud.cms.gov/exemption-policy-guide-aws-security-hub ].

Expected Actions

* CMS customer teams with findings will receive a Jira ticket [ https://jiraent.cms.gov/secure/Dashboard.jspa ].
* If you would like to obtain an exemption or recast, you will need to complete an attestation.

* CMS customers should resolve all received Jira tickets as soon as possible.
* For help, please refer to the "Questions or Concerns" section below for instructions on how to submit a Hybrid Cloud Support Ticket [ https://jiraent.cms.gov/plugins/servlet/desk/portal/22 ].

* Failure to resolve findings can lead to compromised systems that result in greater risks for unauthorized and/or malicious activity.
* Unresolved system flaws will result in Plan of Action and Milestones (POA&Ms) being issued against the Federal Information Security Modernization Act (FISMA) boundary.

Timeline

* *August 6th, 2024**:* CMS Customers with findings will receive Jira tickets [ https://jiraent.cms.gov/secure/Dashboard.jspa ] for the finding noted in the "Benefits" section above.
* *August 21st, 2024: *CMS Hybrid Cloud will add a new AWS Security Hub GuardRail to protect CMS systems from reintroducing findings back into the environment.

Additional Information

* Learn about Security Hub Campaigns [ https://cloud.cms.gov/cms-cloud-security-campaigns ]
* Exemption Policy Guide [ https://cloud.cms.gov/exemption-policy-guide-aws-security-hub ]

Questions or Concerns

We look forward to helping you and your team. Reach out to your CMS IUSG Advisor with any questions.

For further help on this issue, please fill out a Hybrid Cloud Support ticket [ https://jiraent.cms.gov/plugins/servlet/desk/portal/22 ] specifying *Service *as "Security Hub" and *Request* as "Security Hub Findings".



Office of Information Technology




You are subscribed to receive email messages about CMS Cloud Operations, Changes, and Outages from the Centers for Medicare & Medicaid Services (CMS).

To update your subscription(s), preferences or to stop receiving messages from the CMS Cloud Operations, Changes, and Outages Updates- distribution list, please go to our Subscriber Preferences Page [ https://public.govdelivery.com/accounts/USCMS/subscriber/new?category_id=USCMS_C176 ].

________________________________________________________________________

This email was sent to mshinji3056@gmail.com using GovDelivery Communications Cloud 7500 Security Boulevard · Baltimore MD 21244


body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;} table.govd_hr {min-width: 100%;}