CISA issues binding operational directive to agencies on adopting cloud security guidelines

The Cybersecurity and Infrastructure Security Agency is taking a deep dive into establishing secure cloud configuration requirements for civilian agencies through a binding operational directive to adopt guidelines from the agency’s Secure Cloud Business Applications project, known as “SCuBA.”

“Through the SCuBA project, CISA developed Secure Configuration Baselines, providing consistent and manageable cloud security configurations and assessment tools, allowing agencies and CISA to improve security for Federal Civilian Executive Branch (FCEB) assets hosted in cloud environments,” the BOD issued...