The Cybersecurity and Infrastructure Security Agency (CISA) today issued an updated version of its Cloud Security Technical Reference Architecture (TRA) that serves as guidance for Federal civilian agencies for secure migration to cloud services.
Like the previous version, the new guidance covers considerations for shared services, cloud migration, and cloud security posture management, CISA said, and “provides foundational guidance for organization to use public cloud, more security, and improve the ability of the Federal government to identify, detect, protect, respond, and recover from cyber incidents.”
The first version of the Cloud Security TRA debuted last September as one of several guidance documents for implementing President Biden’s Cybersecurity Executive Order issued in May 2021.
The latest version of the TRA incorporates feedback from more than 300 public comments received by CISA and the Office of Management and Budget (OMB). CISA said today that the comments “helped to further strengthen the Cloud Security TRA and fully address a host of considerations for secure cloud migration.”
The TRA was co-authored by CISA, the U.S. Digital Service, and the Federal Risk and Authorization Management Program (FedRAMP).
“The updated Cloud Security TRA is a key step forward for each agency’s transition to the cloud environment,” commented Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity.
“CISA and our partners will continue to provide expert, coherent, and timely guidance to help agencies modernize their networks with sound cybersecurity and resilience to protect against evolving cyber adversaries,” he said. “While the TRA was developed for Federal agencies, all organizations using or migrating to cloud environments should review this document and adopt the practices therein as applicable to most effectively manage organizational risk.”