CISA opens cloud security and zero trust consultation

CISA has released the Cloud Security Technical Reference Architecture and Zero Trust Maturity Model for public comment.

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model for public comment. As the federal government continues to expand past the traditional network perimeter, CISA says it is paramount that agencies implement data protection measures around cloud security and zero trust.

The TRA has been designed to guide agencies’ secure migration to the cloud by explaining considerations for shared services, cloud migration, and cloud security posture management. CISA’s Zero Trust Maturity Model assists agencies in the development of their zero trust strategies and implementation plans, and presents ways in which various CISA services can support zero trust solutions across agencies.

CISA developed the Cloud Security TRA in partnership with the United States Digital Service (USDS) and the Federal Risk and Authorisation Management Programme (FedRAMP). To expand this collaboration, CISA is releasing the document for public comment to collect critical feedback from agencies, industry, and academia to ensure the guidance fully addresses considerations for secure cloud migration.

“President Biden’s Cyber Executive Order outlined crucial steps needed to secure the federal government’s networks and CISA is focused on completing the required tasks and more,” said Eric Goldstein, Executive Assistant Director of Cybersecurity, CISA. “To meet agencies’ needs, we drafted the Zero Trust Maturity Model and Cloud Security TRA in coordination with USDS and FedRAMP. We are now requesting public comment to ensure our recommended cloud technology modernisation and zero trust efforts, respectively, enable the best visibility, flexibility, and security.”

Following the comment period, CISA will work with stakeholders to assess the valuable feedback and produce a new version of each guidance document. The public comment period is scheduled to conclude on Friday, October 1, 2021. During the comment period, members of the public can provide comments and feedback via email. Reviewers can submit their comments and feedback to [email protected].

For more details about the guidance documents and their impact, read EAD Goldstein’s blogs about the Cloud Security TRA here and about the Zero Trust Maturity Model here.

Read more at CISA


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security