The Cybersecurity and Infrastructure Security Agency’s Secure Cloud Business Applications project, a.k.a. SCuBA, has released new guidance to assist federal agencies in implementing cybersecurity capabilities as they migrate identity authentication from traditional on-premises enterprise networks to the cloud.
The SCuBA Hybrid Identity Solutions Guidance aims to help agencies better understand identity management in a hybrid environment in which on-premises and cloud-based identity services are deployed as an agency’s primary identity system, CISA said Tuesday.
CISA outlined different approaches for incorporating cloud-based identity services for authentication and defined associated implementation and security considerations.
According to the document, agencies must plan to migrate to cloud-based, password-less authentication via their existing investments in public key infrastructure and personal identity verification or common access cards.
Agencies may also use the second version of the Fast Identity Online standardized authentication protocol or the Web Authentication standard.
CISA also recommends that agencies use modern authenticators and open standards-based protocols when transitioning to a cloud-primary authentication approach.