Cloud security improvements are being mulled in the U.S. amid growing threats, according to SecurityWeek.
The Cybersecurity and Infrastructure Security Agency has opened public comments for Secure Cloud Business Applications guidance aimed at bolstering government cloud visibility, standards, and security practices. Comments could be submitted for the SCuBA Technical Reference Architecture document, which contains guidelines for federal cloud, zero trust, and secure architecture deployment, as well as the Extensible Visibility Reference Framework guidebook, which details pointers on determining visibility data that could be leveraged for threat mitigation, until May 19.
"We are requesting public comment on these two products to ensure our guidance enables the best flexibility to keep pace with evolving technologies and capabilities and protect the federal enterprise. Our intent is to properly address cybersecurity and visibility gaps within cloud-based business applications that have long hampered our collective ability to adequately understand and manage cyber risk across the Federal and IT enterprise," said CISA.
Meanwhile, bipartisan legislation aimed at designating major cloud service providers as members of systematically important critical infrastructure is being considered in Congress.
BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities Catalog to include the high-severity Windows Support Diagnostic Tool zero-day and UnRAR utility vulnerabilities following active exploitation in the wild.
TechCrunch reports that data protection software provider Spin Technology has landed $16 million in a Series A funding round, which will be allocated toward further expansion as it aims to strengthen the defenses of software-as-a-service apps against cyberattacks.