{"id":7515,"date":"2025-07-03T03:38:45","date_gmt":"2025-07-03T03:38:45","guid":{"rendered":"http:\/\/localhost\/?p=7515"},"modified":"2025-07-03T03:38:45","modified_gmt":"2025-07-03T03:38:45","slug":"what-cisas-bod-25-01-means-for-api-security-and-how-wallarm-can-help","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7515","title":{"rendered":"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help"},"content":{"rendered":"<h2>Security Update News<\/h2>\n<h3>Update Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Update ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">WALLARMLAB:5DC660874004CAECEB00F9AA10397F31<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">wallarmlab<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-03T08:00:00<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Last Updated<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-03T08:00:00<\/td>\n<\/tr>\n<\/table>\n<h3>Security Impact<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #666666; font-weight: bold;\">NONE<\/td>\n<\/tr>\n<\/table>\n<h3>Update Details<\/h3>\n<div style=\"; padding: 15px; border-left: 4px solid #4CAF50; 
margin-bottom: 20px;\">\nThe US government has taken another significant step towards strengthening cloud security with the release of CISA\u2019s Binding Operational Directive (BOD) 25-01. Aimed at improving the security posture of federal cloud environments, BOD 25-01 mandates robust configuration, visibility, and control across cloud-based services. While the directive doesn\u2019t explicitly name API security, securing modern cloud systems relies on securing APIs &#8211; including the ones security teams don\u2019t know about. <\/p>\n<p>## BOD 25-01 at a Glance <\/p>\n<p>BOD 25-01 requires U.S. Federal Civilian Executive Branch (FCEB) agencies to adopt secure configuration baselines \u2013 called SCuBA Baselines \u2013 across cloud platforms like Microsoft 365. It mandates: <\/p>\n<p>  * **Inventory of all cloud tenants**<br \/>  * **Deployment of CISA-developed assessment tools**<br \/>  * **Implementation of mandatory security configurations**<br \/>  * **Continuous monitoring and remediation**<br \/>  * **Timely remediation of deviations**<\/p>\n<p>However, while the directive focuses primarily on SaaS, its core tenets \u2013 secure configuration, continuous monitoring, and centralized governance \u2013 have direct implications for API security. <\/p>\n<p>## What Does BOD 25-01 Mean for API Security?<\/p>\n<p>API security is at the core of cloud security. <\/p>\n<p>APIs power every modern cloud service. They connect users to data, systems to services, and apps to each other. If those APIs are misconfigured, exposed, or simply forgotten, attackers can quickly gain access.<\/p>\n<p>The challenge is that many APIs aren\u2019t captured in standard inventories or assessments. Shadow APIs &#8211; those left behind by previous development cycles, undocumented by teams, or deployed outside governance processes &#8211; don\u2019t show up in dashboards. However, they are live, reachable, and increasingly exploited. 
<\/p>\n<p>As attackers shift focus toward business logic abuse, lateral movement through APIs, and chaining misconfigurations across services, API exposures have become a critical blind spot. Agencies need to understand not just what APIs exist, but also what they do, who can access them, and how they behave in production. <\/p>\n<p>To fully comply with BOD 25-01, agencies need to treat API discovery, classification, and protection as core parts of their cloud security program. That means identifying all active APIs (not just the ones listed in developer docs), continuously monitoring their behavior, and enforcing consistent security controls across every endpoint. <\/p>\n<p>This also requires moving away from reactive auditing to proactive, runtime enforcement. APIs are dynamic; your security controls must be too. Without this level of API visibility and governance, cloud environments are left exposed, no matter how well SaaS configurations are locked down. <\/p>\n<p>Here\u2019s how Wallarm can help. <\/p>\n<p>## How Wallarm Helps with BOD 25-01 Compliance<\/p>\n<p>Meeting BOD 25-01\u2019s requirements isn\u2019t a checkbox exercise; it\u2019s about achieving real operational security across complex, cloud-native environments. That\u2019s where Wallarm fits in. <\/p>\n<p>Wallarm is designed to protect modern application architectures, giving security teams deep, real-time visibility into their API ecosystem, including the shadow APIs most platforms miss. It helps organizations go beyond static baselines and bring continuous security to every stage of the API lifecycle. Here\u2019s how we support key elements of the directive: <\/p>\n<p>**BOD 25-01 Requirement**| **Wallarm Capability**  <br \/>&#8212;|&#8212;  <br \/>**Inventory of all cloud tenants and assets**| Automatically discovers and inventories all APIs \u2013 documented, undocumented, and shadow.   
<br \/>**Assessment and baseline enforcement**|  Continuously inspects API traffic and behavior against policy-defined security rules.   <br \/>**Continuous monitoring and reporting**|  Delivers real-time insights, anomaly detection, and actionable alerts across APIs.   <br \/>**Timely remediation of deviations**| Detects and blocks attacks in real time; integrates with CI\/CD to reduce fix cycles.  <br \/>**Support for secure configuration**|  Applies protection policies at runtime.   <\/p>\n<p>Traditional tools stop at asset visibility. Wallarm actively protects. Our platform doesn\u2019t just surface vulnerabilities, it blocks them. That means agencies and their partners can move from a reactive posture to proactive resilience, all while aligning with the spirit and letter of BOD 25-01.<\/p>\n<p>Our approach also aligns with the broader goals of the SCuBA initiative, making security both scalable and sustainable in dynamic environments. As agencies \u2013 and organizations at large \u2013 adopt more APIs, containerized services, and AI-powered applications, their attack surfaces are growing increasingly complex. Wallarm helps to remediate that complexity, delivering continuous discovery, runtime protection, and context-rich analytics that make incident response faster and more effective. <\/p>\n<p>Importantly, Wallarm supports the shift from point-in-time compliance to continuous assurance. By integrating seamlessly into production infrastructure and cloud-native stacks, Wallarm ensures that security doesn\u2019t slow innovation, it enables it. Whether it\u2019s protecting high-value SaaS applications, government APIs, or third-party integrations, Wallarm helps teams enforce security baselines not just at deployment, but at every request. <\/p>\n<p>For agencies navigating BOD 25-01, configuration baselines are just the beginning. Full compliance and absolute security require deep, ongoing visibility into how systems and APIs are behaving in real time. 
With Wallarm, that visibility becomes actionable protection. Ready to close the gap between compliance and security? Take a product tour today and see how Wallarm can help you discover, secure, and defend every API before attackers do.<\/p>\n<p>The post What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help appeared first on Wallarm.\n<\/p><\/div>\n<p><a href=\"https:\/\/lab.wallarm.com\/api-security-cisa-bod-25-01-how-wallarm-helps\/\" target=\"_blank\" style=\"display: inline-block; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Update News Update Information Title What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help Update ID WALLARMLAB:5DC660874004CAECEB00F9AA10397F31 Type wallarmlab Published&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,11,5,105],"class_list":["post-7515","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability","tag-wallarmlab"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=7515\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help 
- zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help Update ID WALLARMLAB:5DC660874004CAECEB00F9AA10397F31 Type wallarmlab Published...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=7515\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-03T03:38:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7515#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7515\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can 
Help\",\"datePublished\":\"2025-07-03T03:38:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7515\"},\"wordCount\":873,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\",\"wallarmlab\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7515#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7515\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7515\",\"name\":\"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-03T03:38:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7515#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7515\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7515#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero 
redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=7515","og_locale":"en_US","og_type":"article","og_title":"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help - zero redgem","og_description":"Security Update News Update Information Title What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help Update ID WALLARMLAB:5DC660874004CAECEB00F9AA10397F31 Type wallarmlab Published...","og_url":"https:\/\/zero.redgem.net\/?p=7515","og_site_name":"zero redgem","article_published_time":"2025-07-03T03:38:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=7515#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=7515"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help","datePublished":"2025-07-03T03:38:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=7515"},"wordCount":873,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","tapic","Vulnerability","wallarmlab"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=7515#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=7515","url":"https:\/\/zero.redgem.net\/?p=7515","name":"What CISA\u2019s BOD 25-01 Means for API Security and 
How Wallarm Can Help - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-03T03:38:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=7515#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=7515"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=7515#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"What CISA\u2019s BOD 25-01 Means for API Security and How Wallarm Can Help"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero 
redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7515"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7515\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}