The Cybersecurity and Infrastructure Security Agency is soliciting comments on two initial guidance documents that were developed as part of the Secure Cloud Business Applications project.
The SCuBA project seeks to help ensure the security of agency data assets in cloud environments through the development of modern security configurations, Eric Goldstein, executive assistant director for cybersecurity at CISA, wrote in a blog post published Tuesday.
SCuBA, which was funded via the American Rescue Plan Act of 2021, intends to help agencies implement security practices when using cloud services.
One of the documents is the SCuBA Technical Reference Architecture, a security guide that agencies can use to adopt tech platforms for zero-trust models, cloud deployment, secure architecture, and adaptable platforms.
CISA is also requesting input on the Extensible Visibility Reference Framework Guidebook, which is meant to help organizations determine potential visibility gaps and visibility data for use in threat mitigation.
“Our intent is to properly address cybersecurity and visibility gaps within cloud-based business applications that have long hampered our collective ability to adequately understand and manage cyber risk across the Federal and IT enterprise,” Goldstein wrote.
“In addition, CISA is working towards guidance on recommended cybersecurity configuration based for select products that is likely to be released in the coming months,” he added.
Comments on the SCuBA guidance documents are due May 19th.