Reposted from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) joins the National Security Agency (NSA) as a partner in five cloud security Cybersecurity Information Sheets (CSIs) that provide recommended best practices and mitigation strategies for organizations transitioning their information technology resources to cloud environments. NSA released “Top Ten Cloud Mitigation Strategies”, a compilation of CSIs each on a different strategy to secure cloud environments and CISA co-sealed five of the ten. The CISA and NSA co-authored publications are:

• Use Secure Cloud Identity and Access Management Practices 
• Use Secure Cloud Key Management Practices 
• Implement Network Segmentation and Encryption in Cloud Environments  
• Secure Data in the Cloud
• Mitigate Risks from Managed Service Providers in Cloud Environments 

The CSI for each strategy includes an executive summary providing background information, details on threat models, best practices for strong cybersecurity and additional guidance to protect networks. All organizations need to understand that securing their information is a responsibility for both the cloud provider and user. All organizations using cloud environments are encouraged to review these strategies and assess how they can strengthen their security.

See Original Post