The Cybersecurity and Infrastructure Security Agency (CISA) released a draft version of guidance that will further help agencies report cloud-security data to the National Cybersecurity Protection System (NCPS), giving CISA the needed visibility to track network traffic amid increasing cloud migrations.
Volume Two of the NCPS Cloud Interface Reference Architecture (NCIRA), released December 22, builds on NCIRA Volume One, released in December 2019. Volume One sets the stage with general guidance for reporting cloud security data, while the newly released Volume Two offers a catalog of common reporting patterns for different types of cloud services, as well as complex multi-cloud deployments.
“The NCPS Program is evolving to ensure that security information about cloud-based traffic can be captured and analyzed and CISA analysts can continue to provide situational awareness and support to the agencies,” the document states.
The end goal of NCIRA is for agencies to provide data to CISA’s Cloud Log Aggregation Warehouse (CLAW), where CISA will collect and analyze security data to ensure visibility across the government’s hybrid environment.
The draft document calls on agencies to pass on raw logs within 30 minutes of receiving them from a cloud service provider (CSP), preserve the cloud-native telemetry timestamp format for synchronization, and clearly show the provenance of the cloud security data, including any changes made to aggregate different data streams.
The bulk of the guidance consists of different reporting patterns, including direct reporting from the CSP to CISA, reporting from a security-as-a-service tool, and a data push of filtered log data to remove sensitive information, among other configurations.
While CISA does not plan to authorize particular services to ensure they meet the NCIRA architecture, the guidance encourages vendors to “develop overlays that identify how their agency customers can comply with EINSTEIN visibility requirements while using the CSP’s products and services.”
Comments on the draft are due by January 29, 2021.