CISA, NSA share best practices for securing cloud services
The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. [...]
The National Security Agency (NSA) is a U.S. intelligence authority whose guidance supports cybersecurity defense and cryptographic practice.
Search across headline titles and summaries.
Background for this topic.
NSA is the U.S. National Security Agency, responsible chiefly for signals intelligence (SIGINT)—collecting and analyzing foreign electronic communications and other signals—and for cybersecurity of U.S. national security systems. Its cybersecurity work includes cryptography, secure communications, technical standards and guidance, and coordinated advisories about threats and vulnerabilities. The tag may also cover the agency’s intelligence authorities and disclosures.
For practitioners, NSA advisories can provide threat indicators, exploit details, mitigations, and hardening advice, but their scope and authority matter: many recommendations target classified or other national-security systems rather than ordinary enterprise environments, and are not automatically legal or regulatory requirements. NSA activities can also raise privacy and governance questions around surveillance, vulnerability handling, and access to sensitive systems. Organizations should validate applicability, prioritize mitigations through vulnerability management, and protect NSA-derived threat intelligence and cryptographic guidance from unauthorized disclosure.
The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. [...]
The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles. [...]