With Federal agencies increasingly turning to cloud service providers, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) at the same time is looking to increase visibility across government and secure networks.
“We have a new service under the National Cybersecurity and Protection System (NCPS) that’s called CLAW – Cloud Log Aggregation Warehouse environment,” said Sean Connelly, TIC Program Manager at CISA, speaking during an online event hosted by the General Services Administration on September 15. “CLAW focuses on identity for cloud native security information types and cloud vendors.”
The department released a draft of its first volume of cloud interface reference guidance last year and updated the guidance earlier this year to, among other things, include an appendix to show where NCPS fits in the cloud implementation workflow.
“As agencies leverage third-party security services to monitor network traffic to and from the internet and from the different environment, CISA’s CLAW also allows for the ingestion of data from these commercial vendors,” Connelly said.
“Ultimately what we are looking to do is [learn] what additional information of these environments is analytically relevant to accomplish this mission to protect Federal civilian agencies,” he said.
CISA released its Trusted Internet Connections (TIC) 3.0 guidance documents earlier this year, and Connelly said last month the agency will be starting to focus on more use cases to fill out its guidance.