FedScoop reports that the second version of the Cybersecurity and Infrastructure Security Agency's Cloud Security Technical Reference Architecture has been released.
The CSTRA provides guidance for agencies looking to securely migrate to the cloud, including planning considerations for cloud security posture management and shared services. The latest version of the document incorporates learnings from more than 300 public comments the agency received in September and implemented together with the Federal Risk and Authorization Management Program, US Digital Service and Office of Management and Budget.
While the TRA was developed for federal agencies, all organizations using or migrating to cloud environments should review this document and adopt the practices therein as applicable to most effectively manage organizational risk, said Eric Goldstein, CISAs executive assistant director for cybersecurity.
The same group of agencies is also planning to hold future talks on further improving guidance in accordance with the federal zero-trust architecture strategy, and with authorization from the Office of the National Cyber Director.