Kamso Oguejiofor-Abugu
Published on: June 28, 2023 
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of finalized guidance resources aimed at helping agencies secure cloud-based business applications and enhance threat visibility within their networks.
The finalized guidance, developed under CISA’s Secure Cloud Business Applications (SCuBA) project, includes two important documents: the Extensible Visibility Reference Framework (eVRF) and the SCuBA Technical Reference Architecture (TRA).
“The Secure Cloud Business Applications (SCuBA) project provides guidance and capabilities to secure agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments,” CISA said in a blog post. “SCuBA will help secure federal civilian executive branch (FCEB) information assets stored within cloud environments through consistent, effective, modern, and manageable security configurations.”
The finalized TRA document serves as the foundation of the SCuBA program and a security guide that agencies can use to adopt technology for cloud deployment, secure architecture, adaptable solutions, and zero trust frameworks including the federal zero trust strategy, and CISA’s zero trust maturity model.
CISA is also piloting an automated tool called “ScubaGear” with 15 federal agencies to assess and implement Microsoft-specific security configurations across the Microsoft 365 catalog. The agency has already seen significant interest in the ScubaGear tool, which has been downloaded over 1,700 times from GitHub.
The eVRF document, on the other hand, offers an outline of the eVRF framework, empowering organizations to recognize visibility data for threat mitigation, assess the extent to which products and services provide such data, and identify any potential visibility gaps.
“It’s a framework that allows organizations to assess themselves,” Chad Poland, manager for cyber shared services at CISA, said in an interview. “Where they’re blind and where they have visibility gaps, how they can shore up and provide better visibility coverage to make sure that they can track all the different telemetry coming in and out of their enterprises.”
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Automotive / EVs, Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- BlockOffsets. Modernizing Environmental Offset Ownership. Access Here.
- Source: https://www.safetydetectives.com/news/cisa-empowers-agencies-with-finalized-guidance-to-secure-cloud-services/
