
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

CISA Publishes Guidance on Securing Cloud Services

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published guidance that details security and resilience best practices to adopt when utilizing cloud services. The new guidance can be followed by all organizations, but it is of particular importance for federal agencies and critical infrastructure entities. Cybercriminals and advanced persistent threat actors are increasingly targeting supply chains to attack federal government networks and critical infrastructure, and many attacks now target cloud-based environments. The latest guidance can be used by federal agencies, critical infrastructure entities, and others to secure cloud business application environments and protect information created, accessed, shared, and stored in those environments.

The guidance was developed under CISA’s Secure Cloud Business Applications (SCuBA) project, which was established and funded through the American Rescue Plan Act of 2021. The aim of the project is to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments. The first resources to be published under this project are an Extensible Visibility Reference Framework (eVRF) Guidebook that can be used to identify visibility data, mitigate threats, understand the extent to which specific products and services provide visibility data, and identify potential visibility gaps. The eVRF is accompanied by a Technical Reference Architecture (TRA) document that can be used when adopting technology for cloud deployment, solutions, secure architecture, and zero trust frameworks.

“The final eVRF and TRA provides all organizations, including federal agencies, with adaptable, flexible, and timely guidance. These resources will help organizations address cybersecurity and visibility gaps that have long hampered our collective ability to adequately understand and manage cyber risk,” said CISA Executive Assistant for Cybersecurity, Eric Goldstein.

CISA has also confirmed that it is working on new guidance that will include recommended cybersecurity configurations for specific products, which will be released over the coming months.


Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
