Monday, June 10, 2024

U.S. Gov Cloud Security... An architecture

Have you got a project providing software services to the civil agencies of the U.S. Government? 

If so, you should be aware of the 'technical reference architecture' authored jointly by CISA, USDS, and the Federal Risk and Authorization Management Program.(*) 

Some of its provisions are likely going to find their way into RFPs and RFIs from the civil agencies.

The document's introduction offers this insight:
This technical reference architecture is intended to provide guidance to agencies adopting cloud services in the following ways:

Cloud Deployment: provides guidance for agencies to securely transition to, deploy, integrate, maintain, and operate cloud services.
Adaptable Solutions: provides a flexible and broadly applicable architecture that identifies cloud capabilities and vendor agnostic solutions.
Secure Architectures: supports the establishment of cloud environments and secure infrastructures, platforms, and services for agency operations.
Development, Security, and Operations (DevSecOps): supports a secure and dynamic development and engineering cycle that prioritizes the design, development, and delivery of capabilities by building, learning, and iterating solutions as agencies transition and evolve.
Zero Trust: supports agencies as they plan to adopt zero trust architectures.

This technical reference architecture is divided into three major sections:

Shared Services: This section covers standardized baselines to evaluate the security of cloud services.
Cloud Migration: This section outlines the strategies and considerations of cloud migration, including explanations of common migration scenarios.
Cloud Security Posture Management: This section defines Cloud Security Posture Management (CSPM) and enumerates related security tools for monitoring, development, integration, risk assessment, and incident response in cloud environments.


CISA is the operational lead for federal civilian cybersecurity and executes the broader mission to understand and reduce cybersecurity risk of the nation.
The United States Digital Service (USDS) is a senior team of technologists and engineers that support the mission of departments and agencies through technology and design.
Federal Risk and Authorization Management Program provides a cost-effective, risk-based approach for the adoption and use of cloud services by the Federal Government.
