Implementing SaaS Security Guidelines Cyber Range Training (SS213)

#1723759: Implementing SaaS Security Guidelines Cyber Range Training (SS213)

Description:	The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer the Securing Systems laboratory-style training, Implementing SaaS Security Guidelines (SS213). We are excited to share this information with stakeholders across the Federal enterprise and nationally. This laboratory-style training is intended for a non-technical audience and anyone involved in the procurement or development of cloud business applications, delivered through a Software as a Service (SaaS) model including: Cloud architects and engineers, Network architects and engineers, Cybersecurity program managers, and Cybersecurity Analysts. With the increasing use of SaaS applications in Government agencies, and in response to Executive Order 14028 “Improving the Nation’s Cybersecurity,” CISA in collaboration with the United States Digital Service (USDS) and FedRAMP, developed the Cloud Security Technical Reference Architecture (TRA). This guide will assist agencies as they securely transition to the cloud. In addition, CISA created the Secure Cloud Business Applications (SCuBA) project to provide guidance to address cybersecurity and visibility gaps in FCEB cloud business applications. This laboratory-style training will achieve the following:   Identify and Mitigate Vulnerabilities: Gain skills to spot and tackle cyber security issues in federal cloud applications, focusing on a zero-trust strategy and integrating various cloud security services. Understand SCuBA Technical Reference Architecture (TRA) and Visibility Reference Framework (eVRF): Learn about the SCuBA project and its guidelines for securing cloud-based business applications. Utilize the MITRE ATT&CK framework: Discover how the MITRE ATT&CK framework helps identify threats and tactics specific to cloud platforms. Receive Key Organizational Guidance: Get specific advice on cloud security practices and strategies for implementing security controls in Software as a Service (SaaS). Establish Security Baselines: Learn to set security baselines for cloud applications and apply recommended configurations, including password complexity and multifactor authentication. Evaluate M365 Software Security: Use SCuBAGear software to scan Microsoft 365 applications and check their compliance with security baselines. Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
More info:	https://cisa.webex.com/webappng/sites/cisa/meeting/register/80cab7819e654d5d92ff89915eb67390?ticket=4832534b0000000680338f3918938f7cc47e24b4c0c0ab8d420e0d1c44e713410cf78163c7bf0e75&timestamp=1770760110394&RGID=rb60e1860455ce7296c832ec936130765&isAutoPopRegisterForm=false

Description:

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer the Securing Systems laboratory-style training, Implementing SaaS Security Guidelines (SS213). We are excited to share this information with stakeholders across the Federal enterprise and nationally.

This laboratory-style training is intended for a non-technical audience and anyone involved in the procurement or development of cloud business applications, delivered through a Software as a Service (SaaS) model including: Cloud architects and engineers, Network architects and engineers, Cybersecurity program managers, and Cybersecurity Analysts.

With the increasing use of SaaS applications in Government agencies, and in response to Executive Order 14028 “Improving the Nation’s Cybersecurity,” CISA in collaboration with the United States Digital Service (USDS) and FedRAMP, developed the Cloud Security Technical Reference Architecture (TRA). This guide will assist agencies as they securely transition to the cloud. In addition, CISA created the Secure Cloud Business Applications (SCuBA) project to provide guidance to address cybersecurity and visibility gaps in FCEB cloud business applications.

This laboratory-style training will achieve the following:  

Identify and Mitigate Vulnerabilities: Gain skills to spot and tackle cyber security issues in federal cloud applications, focusing on a zero-trust strategy and integrating various cloud security services.

Understand SCuBA Technical Reference Architecture (TRA) and Visibility Reference Framework (eVRF): Learn about the SCuBA project and its guidelines for securing cloud-based business applications.

Utilize the MITRE ATT&CK framework: Discover how the MITRE ATT&CK framework helps identify threats and tactics specific to cloud platforms.

Receive Key Organizational Guidance: Get specific advice on cloud security practices and strategies for implementing security controls in Software as a Service (SaaS).

Establish Security Baselines: Learn to set security baselines for cloud applications and apply recommended configurations, including password complexity and multifactor authentication.

Evaluate M365 Software Security: Use SCuBAGear software to scan Microsoft 365 applications and check their compliance with security baselines.

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.

More info:

https://cisa.webex.com/webappng/sites/cisa/meeting/register/80cab7819e654d5d92ff89915eb67390?ticket=4832534b0000000680338f3918938f7cc47e24b4c0c0ab8d420e0d1c44e713410cf78163c7bf0e75&timestamp=1770760110394&RGID=rb60e1860455ce7296c832ec936130765&isAutoPopRegisterForm=false

Date added	Feb. 10, 2026, 10:50 p.m.
Source	Webex
Subjects	PodCasts / Webcast / Webinar / eSummit / Virtual Event etc. SAAS / Software as a service Security Guidelines / Checklists etc US Cybersecurity and Infrastructure Security Agency (CISA) - Previously US-CERT
Venue	March 10, 2026, midnight - March 10, 2026, midnight