CISA releases cloud security model for public consultation

The agency has invited stakeholders to review newly published cyber security guidance.

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model for public consultation.

The TRA aims to guide agencies looking to securely migrate data to the cloud by explaining considerations for shared services, cloud migration, and cloud security posture management.

Meanwhile, the Zero Trust Maturity Model has been designed to support the development of zero-trust strategies and implementation plans.

The TRA — authorised under Executive Order 14028 — was developed in partnership with the United States Digital Service (USDS) and the Federal Risk and Authorization Management Program (FedRAMP).

“President Biden’s Cyber Executive Order outlined crucial steps needed to secure the federal government’s networks and CISA is focused on completing the required tasks and more,” Eric Goldstein, executive assistant director of cyber security, CISA, said.

“To meet agencies’ needs, we drafted the Zero Trust Maturity Model and Cloud Security TRA in coordination with USDS and FedRAMP.

“We are now requesting public comment to ensure our recommended cloud technology modernisation and zero trust efforts, respectively, enable the best visibility, flexibility, and security.”

The model is expected to be redeveloped following the consultation period, in a bid to incorporate stakeholder feedback.