CISA Releases Key Cloud and Zero Trust Guidance
CISA is accepting comments on the two documents through the end of the month.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, released two key documents meant to strengthen the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture (TRA) and the Zero Trust Maturity Model, are open for public comment through September 30, the agency reported.
“As the federal government continues to expand past the traditional network perimeter, it is paramount that agencies implement data protection measures around cloud security and zero trust,” CISA indicated.
The cloud security architecture is meant to help agencies conduct secure migration of data and information to the cloud. It explains considerations for shared services, cloud migration and cloud security posture management. The agency developed the Cloud Security Technical Reference Architecture in conjunction with officials from FedRAMP, the Federal Risk and Authorization Management Program, and the United States Digital Service (USDS)—a move driven by President Joseph Biden’s Executive Order 14028, which provided stipulations on improving the nation’s cybersecurity.
“To expand this collaboration, CISA is releasing the document for public comment to collect critical feedback from agencies, industry and academia to ensure the guidance fully addresses considerations for secure cloud migration,” the agency specified.
CISA’s Zero Trust Maturity Model, meanwhile, will guide organizations’ development of zero trust strategies and implementation plans. It also details the various CISA services that can support the agencies’ zero trust solutions. CISA first issued a draft of the Zero Trust Maturity Model to agencies in June to support their compliance with the executive order, but it is now expanding the release for public comment.
“President Biden’s cyber executive order outlined crucial steps needed to secure the federal government’s networks and CISA is focused on completing the required tasks and more,” said Eric Goldstein, executive assistant director for cybersecurity, CISA. “To meet agencies’ needs, we drafted the Zero Trust Maturity Model and Cloud Security TRA in coordination with USDS and FedRAMP. We are now requesting public comment to ensure our recommended cloud technology modernization and zero trust efforts, respectively, enable the best visibility, flexibility and security.”
After the comment period closes, the agency said it will work with stakeholders “to assess the valuable feedback and produce a new version of each guidance document.”
Reviewers can submit their comments and feedback by email to firstname.lastname@example.org.