CISA obliges US federal agencies to adopt cloud security standards

16 January 2025 2 minutes Author: Newsman

The US Cyber ​​Infrastructure Security Administration (CISA) has issued a directive requiring federal civilian agencies to use the SCuBA (Secure Cloud Business Application) security standard. A directive has been published that requires the use of SCuBA (Secure Cloud Business Application) security standards. These standards will help protect the cloud environments of government institutions from unauthorized access by hackers.

Institutions must notify CISA of their cloud systems by February 2025, certify their security by April 2025 and implement the required security policies by June 2025. Requirements include implementation of security testing tools, automated threat monitoring, and compliance with configuration standards. The directive was motivated in part by the 2020 SolarWinds attack, which highlighted the need for a unified approach to protecting cloud systems, and CISA is calling on all organizations, not just federal agencies, to implement these standards.

In 2020, the SolarWinds attack exposed a significant gap in the security of the US government’s cloud environment. This became the catalyst for the SCuBA project. Previously, these standards were not mandatory, and different government agencies had different levels of security. The new CISA directive aims to harmonize security policies and reduce vulnerabilities in government networks.

Implementation of CISA Directive on SCuBA Standards is an important step in improving the cybersecurity of federal government cloud systems CISA has implemented a mandatory directive for US federal agencies to strengthen the security of cloud systems according to SCuBA standards.

Other related articles
News
Read more
Headline FTC orders GoDaddy to improve cybersecurity after multiple breaches
GoDaddy has been ordered to implement a comprehensive cybersecurity program following a series of data breaches between 2019 and 2022. The US Federal Trade Commission required the company to implement multi-factor authentication, SIEM systems and independent auditing. Customers are advised to contact their hosting providers regarding security measures.
73
Found an error?
If you find an error, take a screenshot and send it to the bot.