CISA opens cloud security and zero trust consultation
The Cybersecurity and Infrastructure Security Agency (CISA) has released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model for public comment. As the federal government continues to expand past the traditional network perimeter, CISA says it is paramount that agencies implement data protection measures around cloud security and zero trust.
The TRA has been designed to guide agencies’ secure migration to the cloud by explaining considerations for shared services, cloud migration, and cloud security posture management. CISA’s Zero Trust Maturity Model assists agencies in the development of their zero trust strategies and implementation plans, and presents ways in which various CISA services can support zero trust solutions across agencies.
CISA developed the Cloud Security TRA in partnership with the United States Digital Service (USDS) and the Federal Risk and Authorisation Management Programme (FedRAMP). To expand this collaboration, CISA is releasing the document for public comment to collect critical feedback from agencies, industry, and academia to ensure the guidance fully addresses considerations for secure cloud migration.
“President Biden’s Cyber Executive Order outlined crucial steps needed to secure the federal government’s networks and CISA is focused on completing the required tasks and more,” said Eric Goldstein, Executive Assistant Director of Cybersecurity, CISA. “To meet agencies’ needs, we drafted the Zero Trust Maturity Model and Cloud Security TRA in coordination with USDS and FedRAMP. We are now requesting public comment to ensure our recommended cloud technology modernisation and zero trust efforts, respectively, enable the best visibility, flexibility, and security.”
Following the comment period, CISA will work with stakeholders to assess the valuable feedback and produce a new version of each guidance document. The public comment period is scheduled to conclude on Friday, October 1, 2021. During the comment period, members of the public can provide comments and feedback via email. Reviewers can submit their comments and feedback to [email protected].
For more details about the guidance documents and their impact, read EAD Goldstein’s blogs about the Cloud Security TRA here and about the Zero Trust Maturity Model here.