The Cybersecurity and Infrastructure Security Agency is calling on agencies to review the National Security Agency’s guidance on mitigating cloud vulnerabilities to help inform future procurement decisions.
CISA said Friday that the NSA guide covers measures that organizations must take to prevent vulnerabilities such as misconfigurations, shared tenancy risks, poor access control and supply chain risks. Topics also covered in the information sheet include cloud encryption and key management, shared cloud responsibilities and cloud threat actors.
“Clouds can provide a number of security advantages over traditional, onpremises technology, such as the ability to thoroughly automate security-relevant processes, including threat and incident response,” according to the guide. “Security in the cloud is a constant process and customers should continually monitor their cloud resources and work to improve their security posture.”
CISA’s announcement builds on the agency’s analysis reports on Microsoft Office 365 technologies and advanced persistent threats targeting information technology service providers.