The US CISA has published the first series of guidance resources under its Secure Cloud Business Applications (SCuBA) project. The ‘Extensible Visibility Reference Framework (eVRF) Guidebook’ and a Technical Reference Architecture (TRA) document provide guidance for developing and managing cloud services security and resilience.
- The eVRF Guidebook ‘provides an overview of the eVRF framework, which enables organizations to identify visibility data, mitigate threats, and understand the extent to which specific products and services provide visibility data and identify where potential gaps exist’.
- The TRA document is ‘a security guide that organizations can use to adopt technology for cloud deployment, adaptable solutions, secure architecture, and zero trust frameworks’.
The SCuBA project provides guidance and capabilities to secure cloud business application environments and protect information created, accessed, shared, and stored in those environments. The project’s goal is to develop consistent, effective, modern, and manageable security configurations to help organizations adopt necessary cloud-focused security and resilience practices.