CISA and the NSA released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s).

• Use Secure Cloud Identity and Access Management Practices
• Use Secure Cloud Key Management Practices
• Implement Network Segmentation and Encryption in Cloud Environments
• Secure Data in the Cloud
• Mitigate Risks from Managed Service Providers in Cloud Environments

CISA and NSA encourage all organizations to review the practices and implement the mitigations provided in the joint CSIs to help strengthen their cloud security.  

The NSA also released a Cybersecurity Information Sheet (CSI) on Tuesday entitled “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar.” This CSI provides guidance on how to use Zero Trust principles to strengthen internal network control and contain network intrusions to a segmented portion of the network. The Network and Environment Pillar is the fifth of seven pillars that make up the Zero Trust framework, they include:

• User
• Device
• Application & Workload
• Data
• Network & Environment
• Automation & Orchestration
• Visibility & Analytics

The purpose of Zero Trust principles is to operate under the assumption that threats already exist within the network boundaries. This is a type of mindset that allows personnel and organizations to attentively identify, protect against, and respond to cyber intrusions. WaterISAC encourages members to review this CSI and to apply Zero Trust principles in their environments. For more information on Tuesday’s CSI, access NSA. 

Access the NSA's full "Zero Trust" Cybersecurity Information Sheet below.