The Cybersecurity and Infrastructure Security Agency (CISA) has recently released the first series of final security guidance resources under the organization's Secure Cloud Business Applications (SCuBA) project: the Extensible Visibility Reference Framework (eVRF) Guidebook and a Technical Reference Architecture (TRA) document. With input from public comment period in 2022, the final guidance documents help public and private entities implement necessary security and resilience best-practices for their cloud services.        

• The eVRF Guidebook provides an overview of the eVRF framework, which enables organizations to identify visibility data, mitigate threats, and understand the extent to which specific products and services provide visibility data and identify where potential gaps exist.  
• The TRA Document is a security guide that organizations can use to adopt technology for cloud deployment, adaptable solutions, secure architecture and zero trust frameworks. 

The SCuBA project provides guidance and capabilities to secure cloud business application environments and protect information created, accessed, shared, and stored in those environments. The eVRF Guidebook and TRA document further the project’s goal of developing consistent, effective, modern and manageable security configurations to help organizations adopt necessary cloud-focused security and resilience practices.