The Cybersecurity and Infrastructure Security Agency has published the Extensible Visibility Reference Framework Guidebook to help public and private organizations strengthen the defenses of their cloud-based services.
CISA on Tuesday also released a Technical Reference Architecture document as part of its Secure Cloud Business Applications project.
The agency requested public comment in 2022 on SCuBA, a program that aims to guide federal agencies in protecting data in their cloud business application environments, as well as the platforms themselves. The feedback CISA received is incorporated in the new guide materials.
The eVRF Guidebook is intended to help organizations navigate the EVR Framework for identifying products and services that provide visibility data. It is also expected to help pinpoint process gaps and minimize threats.
The TRA document, on the other hand, is meant to help entities make sound decisions in adopting cloud services, zero trust architecture and other related technologies and strategies.
“These resources will help organizations address cybersecurity and visibility gaps that have long hampered our collective ability to adequately understand and manage cyber risk,” said Eric Goldstein, CISA’s executive assistant for cybersecurity.