"CISA Releases Key Cloud and Zero Trust Guidance"

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has released two documents aimed at strengthening the cybersecurity practices of government agencies and organizations. The documents titled the "Cloud Security Technical Reference Architecture" (TRA) and "Zero Trust Maturity Model" have been released for public comment through September 30. CISA emphasizes the importance of implementing data protection measures around cloud security and zero trust as the federal government continues to surpass the traditional network perimeter. The cloud security architecture will help agencies securely migrate data and information to the cloud. It delves into what agencies should consider regarding shared services, cloud migration, and cloud security posture management. Zero Trust has become more critical than ever as digital transformation efforts accelerate, the attack surface grows, and traditional perimeter-based security methods continue to fail. The zero trust security model maintains strict access controls and does not trust anyone by default, including those already within the network perimeter. This approach acknowledges that threats exist both inside and outside network boundaries. CISA's Zero Trust Maturity Model will guide organizations during the development of zero trust strategies and implementation plans. It will also provide details on the different CISA services that can support agencies' zero trust solutions. This article continues to discuss CISA's release of the TRA and Zero Trust Maturity Model for public comment and the goals of these documents. 

AFCEA reports "CISA Releases Key Cloud and Zero Trust Guidance"