The Cybersecurity and Infrastructure Security Agency (CISA) https://www.cisa.gov works collaboratively with interagency partners to implement improvements to make federal civilian agencies more resilient to cyber threats.
As the nation’s cyber defense agency, CISA leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on. CISA has published their second version of “Cloud Security Technical Reference Architecture (TRA)” designed to guide agencies’ secure migration to the cloud.
The document co-authored by CISA, the U.S Digital Service (USDS), and FedRAMP provides guidance for organizations on how to use the public cloud more securely in order to enable the federal government to identify, detect, protect, respond, and recover from cyber incidents.
In consultation with the Office of Management and Budget, the three agencies received more than 300 comments in September 2021. This feedback helped to further strengthen the Cloud Security TRA and fully address a host of considerations for secure cloud migration.
According to Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, “The updated Cloud Security TRA is a key step forward for each agency’s transition to the cloud environment.
While the TRA was developed for federal agencies, all organizations using or migrating to cloud environments should review the document and adopt the practices which are applicable to effectively help manage organizational risk.
Go to https://cisa.gov/newsroom for the press release “CISA Releases Second Version of Guidance for Secure Migration to the Cloud (June 23, 2022).