CISA Opens Cloud Security Technical Reference Architecture, Zero Trust Maturity Model Drafts to Public Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued new drafts of its Cloud Security Technical Reference Architecture and Zero Trust Maturity Model, making both documents available for public comment.

The Cloud Security Technical Reference Architecture is designed to recommend specific approaches to cloud migration and data protection, providing guidance for federal agencies to securely migrate to the cloud. The doc also explains considerations governing shared services, cloud migration and cloud security posture management.

The draft was created as part of a collaboration with the U.S. Digital Service (USDS) and the Federal Risk and Authorization Management Program (FedRAMP).

At the same time, CISA’s Zero Trust Maturity Model offers a roadmap for agencies to transition toward a “Zero Trust” architecture, assist development of Zero Trust strategies / implementation plans and present ways for CISA services to support such implementations. The Maturity Model includes pillars focused on providing specific examples of traditional, advanced and optimal Zero Trust architecture.

Both comment periods close on October 1, 2021.