CISA Releases Updated Cloud Security Technical Reference Architecture
In response to Improving the Nation’s Cybersecurity Executive Order 14028 (EO), the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with FedRAMP and the United States Digital Service (USDS), developed the Cloud Security Technical Reference Architecture (TRA). On June 23rd, 2022, CISA released Version 2.0 of the Cloud Security TRA.
Per Section 3(c)(ii) of the Executive Order, the purpose of the Cloud Security TRA is to outline recommended approaches to cloud migration and data protection, as well as to serve as a guide for agencies to leverage for secure migration to the cloud.
CISA released the initial Cloud Security TRA for public comment from September to October 2021 to collect critical feedback from all stakeholders for the second version of the Cloud Security TRA that ensures the guidance fully addresses the scope of considerations for secure cloud migration. They then worked with the Office of Management and Budget (OMB), FedRAMP, and USDS to adjudicate the comments and produce this updated version of the guidance.
Learn more about the new cloud-adoption guidance for federal agencies from the CISA Cloud Security TRA blog.