Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Proposed US Guidance, Legislation Show Increasing Importance of Cloud Security

The United States is working on guidance and legislation that show the government is placing increasing importance on cloud security.

The United States is working on guidance and legislation that show the government is placing increasing importance on cloud security.

The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday announced that it’s seeking public comment on a couple of guidance documents created as part of a project called Secure Cloud Business Applications (SCuBA), whose goal is to help improve visibility, standards and security practices for government cloud.

“The project was established to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments,” CISA said.

SCuBAOne of the documents is the SCuBA Technical Reference Architecture (TRA), a security guide designed to help federal agencies adopt technology for cloud deployment, adaptable solutions, secure architecture, zero trust and agile development.

The second document, the Extensible Visibility Reference Framework (eVRF) guidebook, describes a framework that can be used by organizations to identify visibility data that can be used to mitigate threats, as well as to identify visibility gaps.

The deadline for commenting on the two documents is May 19, 2022.

“We are requesting public comment on these two products to ensure our guidance enables the best flexibility to keep pace with evolving technologies and capabilities and protect the federal enterprise. Our intent is to properly address cybersecurity and visibility gaps within cloud-based business applications that have long hampered our collective ability to adequately understand and manage cyber risk across the Federal and IT enterprise,” CISA said.

While these resources are mainly intended for government agencies, CISA advises all organizations to use the guidance to improve cloud security.

The SCuBA project was created in response to an executive order on strengthening cybersecurity defenses signed by President Joe Biden in May 2021. The executive order also led to the creation of a federal zero trust strategy and a cyber safety review board.

Advertisement. Scroll to continue reading.

Nextgov reported on Monday that US lawmakers are working on bipartisan legislation that covers the cybersecurity responsibilities of private entities designated as “systemically important critical infrastructure.” These entities would be given some liability protection and access to government resources in exchange for implementing certain security controls to protect their systems and for reporting cybersecurity incidents to the government.

According to Nextgov, major cloud service providers, which until now have been considered off-limits for regulation, may be added to the list of systemically important critical infrastructure due to the big role they play in modern digital life.

Related: White House Proposes $10.9 Billion Budget for Cybersecurity

Related: Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.