CISA opens cloud security and zero trust consultation

By BizClik Admin
Share
CISA has released the Cloud Security Technical Reference Architecture and Zero Trust Maturity Model for public comment.

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model for public comment. As the federal government continues to expand past the traditional network perimeter, CISA says it is paramount that agencies implement data protection measures around cloud security and zero trust.

The TRA has been designed to guide agencies’ secure migration to the cloud by explaining considerations for shared services, cloud migration, and cloud security posture management. CISA’s Zero Trust Maturity Model assists agencies in the development of their zero trust strategies and implementation plans, and presents ways in which various CISA services can support zero trust solutions across agencies.

CISA developed the Cloud Security TRA in partnership with the United States Digital Service (USDS) and the Federal Risk and Authorisation Management Programme (FedRAMP). To expand this collaboration, CISA is releasing the document for public comment to collect critical feedback from agencies, industry, and academia to ensure the guidance fully addresses considerations for secure cloud migration.

“President Biden’s Cyber Executive Order outlined crucial steps needed to secure the federal government’s networks and CISA is focused on completing the required tasks and more,” said Eric Goldstein, Executive Assistant Director of Cybersecurity, CISA. “To meet agencies’ needs, we drafted the Zero Trust Maturity Model and Cloud Security TRA in coordination with USDS and FedRAMP. We are now requesting public comment to ensure our recommended cloud technology modernisation and zero trust efforts, respectively, enable the best visibility, flexibility, and security.”

Following the comment period, CISA will work with stakeholders to assess the valuable feedback and produce a new version of each guidance document. The public comment period is scheduled to conclude on Friday, October 1, 2021. During the comment period, members of the public can provide comments and feedback via email. Reviewers can submit their comments and feedback to [email protected].

For more details about the guidance documents and their impact, read EAD Goldstein’s blogs about the Cloud Security TRA here and about the Zero Trust Maturity Model here.

Read more at CISA

Share

Featured Articles

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI

Gen Reports 614% Rise in Command Prompt Manipulation Scams

Cyber Security