Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Proposed US Guidance, Legislation Show Increasing Importance of Cloud Security

The United States is working on guidance and legislation that show the government is placing increasing importance on cloud security.

The United States is working on guidance and legislation that show the government is placing increasing importance on cloud security.

The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday announced that it’s seeking public comment on a couple of guidance documents created as part of a project called Secure Cloud Business Applications (SCuBA), whose goal is to help improve visibility, standards and security practices for government cloud.

“The project was established to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments,” CISA said.

SCuBAOne of the documents is the SCuBA Technical Reference Architecture (TRA), a security guide designed to help federal agencies adopt technology for cloud deployment, adaptable solutions, secure architecture, zero trust and agile development.

The second document, the Extensible Visibility Reference Framework (eVRF) guidebook, describes a framework that can be used by organizations to identify visibility data that can be used to mitigate threats, as well as to identify visibility gaps.

The deadline for commenting on the two documents is May 19, 2022.

“We are requesting public comment on these two products to ensure our guidance enables the best flexibility to keep pace with evolving technologies and capabilities and protect the federal enterprise. Our intent is to properly address cybersecurity and visibility gaps within cloud-based business applications that have long hampered our collective ability to adequately understand and manage cyber risk across the Federal and IT enterprise,” CISA said.

While these resources are mainly intended for government agencies, CISA advises all organizations to use the guidance to improve cloud security.

The SCuBA project was created in response to an executive order on strengthening cybersecurity defenses signed by President Joe Biden in May 2021. The executive order also led to the creation of a federal zero trust strategy and a cyber safety review board.

Advertisement. Scroll to continue reading.

Nextgov reported on Monday that US lawmakers are working on bipartisan legislation that covers the cybersecurity responsibilities of private entities designated as “systemically important critical infrastructure.” These entities would be given some liability protection and access to government resources in exchange for implementing certain security controls to protect their systems and for reporting cybersecurity incidents to the government.

According to Nextgov, major cloud service providers, which until now have been considered off-limits for regulation, may be added to the list of systemically important critical infrastructure due to the big role they play in modern digital life.

Related: White House Proposes $10.9 Billion Budget for Cybersecurity

Related: Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.