CISA releases guidance on cloud security management

The Cybersecurity and Infrastructure Security Agency has published a draft of the Trusted Internet Connections (TIC) 3.0 Cloud Use Case, which provides guidelines for applying modern network security procedures on various cloud computing settings, Federal News Network reports. The document provides guidance for implementing security across Infrastructure-as-a-Service, Software-as-a-Service, Platform-as-a-Service and Email-as-a-Service deploymentsand presents a variety of security patterns with specific guidance for each. CISA Executive Assistant Director for Cybersecurity Eric Goldstein wrote in a blog post that the document is based on the cybersecurity executive order issued last May and the Cloud Security Technical Reference Architecture. This guidance also incorporates cloud-specific considerations, such as the shared services model and cloud security posture management principles outlined in the Cloud Security TRA, Goldstein wrote.Another unique aspect of this use case is that it was written from the vantage point of cloud-hosted services, as opposed to from the vantage point of the client accessing these services. CISA says it is accepting public comments on the document through July 22, after which it will begin work on a final version.