• The Cybersecurity and Infrastructure Security Agency has released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture and the Zero Trust Maturity Model, are open for public comment through September 30, the agency reported. Credit: Shutterstock/Andrey Suslov
     The Cybersecurity and Infrastructure Security Agency has released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture and the Zero Trust Maturity Model, are open for public comment through September 30, the agency reported. Credit: Shutterstock/Andrey Suslov

CISA Releases Key Cloud and Zero Trust Guidance

September 7, 2021
Posted by Kimberly Underwood
E-mail About the Author

CISA is accepting comments on the two documents through the end of the month.


The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model are open for public comment through September 30, the agency reported.

“As the federal government continues to expand past the traditional network perimeter, it is paramount that agencies implement data protection measures around cloud security and zero trust,” CISA indicated.

The cloud security architecture is meant to help agencies conduct secure migration of data and information to the cloud. It explains considerations for shared services, cloud migration and cloud security posture management. The agency developed the Cloud Security Technical Reference Architecture in conjunction with officials from FedRAMP, the Federal Risk and Authorization Management Program, and the United States Digital Service (USDS)—a move driven by President Joseph Biden’s Executive Order 14028, which provided stipulations on improving the nation’s cybersecurity.

“To expand this collaboration, CISA is releasing the document for public comment to collect critical feedback from agencies, industry and academia to ensure the guidance fully addresses considerations for secure cloud migration,” the agency specified. 

CISA’s Zero Trust Maturity Model, meanwhile, will guide organizations’ development of zero trust strategies and implementation plans. It also details the various CISA services that can support the agencies’ zero trust solutions. CISA first issued a draft of the Zero Trust Maturity Model to agencies in June to their compliance with the executive order, but it is now expanding the release for public comment. 

“President Biden’s cyber executive order outlined crucial steps needed to secure the federal government’s networks and CISA is focused on completing the required tasks and more,” said Eric Goldstein, executive assistant director for cybersecurity, CISA. “To meet agencies’ needs, we drafted the Zero Trust Maturity Model and Cloud Security TRA in coordination with USDS and FedRAMP. We are now requesting public comment to ensure our recommended cloud technology modernization and zero trust efforts, respectively, enable the best visibility, flexibility and security.”

After the comment period closes, the agency said it will work with stakeholders “to assess the valuable feedback and produce a new version of each guidance document.”

Reviewers can submit their comments and feedback by email to tic@cisa.dhs.gov

In addition, Goldstein has prepared blogs about the Cloud Security TRA and about the Zero Trust Maturity Model.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Departments: 

Share Your Thoughts: