


The Cybersecurity and Infrastructure Security Agency is releasing finalized guidance for agencies today detailing how they can secure widely used cloud-based business applications and gain greater visibility into threats lurking on their networks.

CISA’s Secure Cloud Business Applications (SCuBA) project released two guidance documents that have been in draft for just over a year: the Extensible Visibility Reference Framework (eVRF) and the SCuBA Technical Reference Architecture (TRA).

The idea behind the SCuBA project is to help agencies have a common understanding of security standards and configurations across widely used software-as-a-service applications, like Microsoft 365 and Google Workspace. “We’re trying to provide actionable guidance that helps these organizations secure their environments,” Chad Poland, manager for cyber shared services at CISA, said in an interview.

Poland said CISA received nearly 500 comments on the documents that were finalized today, with responders representing an array of agencies, private industry, state and local governments, and others.

The TRA document is the “foundational” document for the SCuBA program, Poland said, and one of the major tweaks CISA made to the finalized guidance is aligning the architecture to zero trust principles, as well as the federal zero trust strategy and CISA’s zero trust maturity model. “We’re giving tools and resources to make sure that those environments more clearly aligned to zero trust,” Poland said.

“We’re not trying to duplicate or replace something that agencies already have or CISA’s already doing. And we’re saying, ‘Look, you continue to use what you have. And now let’s work together to shore up the security around this.’”

The TRA document provides agencies with a “vendor agnostic” approach, he said, to securing business applications across productivity, messaging, content management, collaboration and voice capabilities.

At the same time, CISA is also testing out specific baseline configurations agencies can use to secure widely used services across the Microsoft 365 catalog. Poland said the agency is piloting the automated tool developed to assess those Microsoft-specific security configurations, called “ScubaGear,” with 15 federal agencies. “We have large agencies, we have small agencies, and we’re working with them on their implementation of those baselines, their feedback on specific control statements, and their feedback on the tool and how it’s being used,” Poland said.
