[CDP-development] New Cloud Services Guidance and Resources Available

[Masse, Theresa]

FYSA



The Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure Cloud Business Applications (SCuBA) Project is proud to announce its first series of guidance documents are now publicly available. With input from public comment period<https://www.cisa.gov/news-events/news/scuba-it-means-better-visibility-standards-and-security-practices-government-cloud> last year, the final security guidance consists of an Extensible Visibility Reference Framework (eVRF) Guidebook and Technical Reference Architecture (TRA) document, which will help public and private entities implement security, visibility, and resilience best practices for their cloud services. 



The eVRF Guidebook and TRA document further CISA’s goal of developing consistent, effective, modern, and manageable security configurations to help organizations adopt necessary cloud-focused security, visibility, and resilience practices. 

·       The eVRF Guidebook<https://www.cisa.gov/sites/default/files/2023-06/CSSO-SCUBA-eVRF%20Guidebook-guidance%20documentV2_508c.pdf> provides an overview of the eVRF framework, which enables organizations to identify visibility data, mitigate threats, and understand the extent to which specific products and services provide visibility data and identify where potential gaps exist. 

·       The TRA<https://www.cisa.gov/sites/default/files/2023-06/CSSO-SCUBA-TRA-guidance%20documentV2_508c.pdf> is a security guide that organizations can use to adopt technology for cloud deployment, adaptable solutions, secure architecture, and zero trust frameworks. 



CISA thanks all who contributed to the development of the eVRF and TRA and recommends that all organizations utilizing cloud services review the SCuBA TRA and eVRF Guidebook and implement practices therein where appropriate.



To download the eVRF Guidebook and TRA document, visit Secure Cloud Business Applications (SCuBA)<https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project>.



If you have any questions about the documents, contact CISA’s Cybersecurity Shared Services Office at CyberSharedServices at cisa.dhs.gov<mailto:CyberSharedServices at cisa.dhs.gov>.  



Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image002.png at 01D9A8C3.0A009640]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230627/a5f1e9f8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230627/a5f1e9f8/attachment-0001.png>