Home / News / CISA Urges Agencies to Implement NSA’s Cloud Security Recommendations

CISA Urges Agencies to Implement NSA’s Cloud Security Recommendations

The Cybersecurity and Infrastructure Security Agency is calling on agencies to review the National Security Agency’s guidance on mitigating cloud vulnerabilities to help inform future procurement decisions.

CISA said Friday that the NSA guide covers measures that organizations must take to prevent vulnerabilities such as misconfigurations, shared tenancy risks, poor access control and supply chain risks. Topics also covered in the information sheet include cloud encryption and key management, shared cloud responsibilities and cloud threat actors.

“Clouds can provide a number of security advantages over traditional, onpremises technology, such as the ability to thoroughly automate security-relevant processes, including threat and incident response,” according to the guide. “Security in the cloud is a constant process and customers should continually monitor their cloud resources and work to improve their security posture.” 

CISA’s announcement builds on the agency’s analysis reports on Microsoft Office 365 technologies and advanced persistent threats targeting information technology service providers.

Check Also

Air Force Directorate Accelerates Award of Phase II SBIR Contracts

The U.S. Air Force's digital directorate utilized a method that allowed the service branch to speed up the award of seven contracts worth $6.75M through the second phase of the Small Business Administration's Small Business Innovative Research vehicle.