Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Proposed US Guidance, Legislation Show Increasing Importance of Cloud Security

The United States is working on guidance and legislation that show the government is placing increasing importance on cloud security.

The United States is working on guidance and legislation that show the government is placing increasing importance on cloud security.

The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday announced that it’s seeking public comment on a couple of guidance documents created as part of a project called Secure Cloud Business Applications (SCuBA), whose goal is to help improve visibility, standards and security practices for government cloud.

“The project was established to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments,” CISA said.

SCuBAOne of the documents is the SCuBA Technical Reference Architecture (TRA), a security guide designed to help federal agencies adopt technology for cloud deployment, adaptable solutions, secure architecture, zero trust and agile development.

The second document, the Extensible Visibility Reference Framework (eVRF) guidebook, describes a framework that can be used by organizations to identify visibility data that can be used to mitigate threats, as well as to identify visibility gaps.

The deadline for commenting on the two documents is May 19, 2022.

“We are requesting public comment on these two products to ensure our guidance enables the best flexibility to keep pace with evolving technologies and capabilities and protect the federal enterprise. Our intent is to properly address cybersecurity and visibility gaps within cloud-based business applications that have long hampered our collective ability to adequately understand and manage cyber risk across the Federal and IT enterprise,” CISA said.

While these resources are mainly intended for government agencies, CISA advises all organizations to use the guidance to improve cloud security.

The SCuBA project was created in response to an executive order on strengthening cybersecurity defenses signed by President Joe Biden in May 2021. The executive order also led to the creation of a federal zero trust strategy and a cyber safety review board.

Nextgov reported on Monday that US lawmakers are working on bipartisan legislation that covers the cybersecurity responsibilities of private entities designated as “systemically important critical infrastructure.” These entities would be given some liability protection and access to government resources in exchange for implementing certain security controls to protect their systems and for reporting cybersecurity incidents to the government.

According to Nextgov, major cloud service providers, which until now have been considered off-limits for regulation, may be added to the list of systemically important critical infrastructure due to the big role they play in modern digital life.

Related: White House Proposes $10.9 Billion Budget for Cybersecurity

Related: Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...