Cyber

CISA issues updated cloud security resources for federal agencies

The agency says the new documentation will help government departments implement cloud cybersecurity best practices.

June 27, 2023

The DHS and CISA booth at the 2019 RSA conference in San Francisco. (Scoop News Group photo)

The Cybersecurity and Infrastructure Security Agency has published final cloud cybersecurity guidance for U.S. government agencies as part of its Secure Cloud Business Applications Project.

With the project, the federal cybersecurity agency has issued an extensible visibility reference framework guidebook and a technical reference architecture document, which it says will help public and private entities implement cloud cybersecurity best practices.

The fresh guidance comes after CISA in October issued recommended Microsoft 365 security configuration baselines for use in cloud security pilots by federal agencies and for public comment.

CISA’s Secure Cloud Business Applications project is focused on helping to protect sensitive information by providing agencies with minimum system specifications they must adhere to.

According to the agency, the technical reference architecture document is focused on helping government agencies to adopt technology for cloud deployment, adaptable solutions and zero-trust frameworks.

Commenting on the new documentation, CISA Executive Assistant for Cybersecurity Eric Goldstein said: “As evidenced by supply chain compromises and associated cyber threat campaigns, persistent threat actors continue to evolve their capabilities with the intent to compromise federal government networks and critical infrastructure, whether on on-premises or cloud-based environments.”

“The final eVRF and TRA provides all organizations, including federal agencies, with adaptable, flexible, and timely guidance. These resources will help organizations address cybersecurity and visibility gaps that have long hampered our collective ability to adequately understand and manage cyber risk,” he said.

Last month, a report issued by the Government Accountability Office found that four federal agencies were not fully implementing requirements set out in the Federal Risk and Authorization Management Program.

Despite the decade-old mandate that agencies use FedRAMP to ensure services meet federal cloud security standards, the four departments — Treasury, Labor, Homeland Security and Agriculture — inconsistently implemented the program’s requirements, according to the audit.

CISA issues updated cloud security resources for federal agencies

More Like This

Security flaws in IRS systems pose risk to financial statements, GAO says

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Cybersecurity executive order requirements are nearly complete, GAO says

Top Stories

ACLU seeks AI records from NSA, Defense Department in new lawsuit

IRS touts Direct File usage, while mulling the future of the program

DHS launches safety and security board focused on AI and critical infrastructure

GSA welcomes nominations for advisory committee focused on federal transparency efforts

DOJ seeks public input on AI use in criminal justice system

DHS picks OMB official to lead its new AI Corps

More Scoops

Top public sector takeaways from Google Cloud Next 2024

Federal cloud modernization bill passes through Senate panel

New FedRAMP roadmap details imminent plans for modernization

Department of Homeland Security lays out AI plans in new roadmap

CISA, OMB release secure software development attestation form

Federal Highway Administration wants feedback on proposal to use cyber tool

Federal leaders on accelerating the mission with AI and security

Latest Podcasts

CISA issues updated cloud security resources for federal agencies

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition