Click to edit Master title style
|
|
- Katherine Moody
- 6 years ago
- Views:
Transcription
1 Federal Risk and Authorization Management Program Presenter Name: Peter Mell, Initial FedRAMP Program Manager FedRAMP Interagency Effort Started: October 2009 Created under the Federal Cloud Initiative 1
2 The Problem Statement Problem: How do we best perform security authorization and continuous monitoring for large outsourced and multi-agency systems? Government is increasing its use of large shared and outsourced systems Technical drivers: the move to cloud computing, virtualization, service orientation, and web 2.0 Cost savings: through datacenter and application consolidation Independent agency risk management of shared systems causes problems and inefficiencies 2
3 Click The Problem: to edit Master Independent title style Agency Risk Management of Shared Systems Federal Agencies : Duplicative risk management efforts : Incompatible agency policies : Acquisition slowed by lengthy compliance processes Outsourced Systems : Potential for inconsistent application of Federal security requirements 3
4 The Solution: FedRAMP Federal Risk and Authorization Management Program A government-wide initiative to provide joint authorizations and continuous security monitoring services Unified government-wide risk management Agencies would leverage FedRAMP authorizations (when applicable) This does not supplant existing agency authority to use systems that meet their security needs Initial focus on cloud computing 4
5 Click The Solution: to edit Master Government-wide title style Risk Management of Shared Systems Federal Agencies FedRAMP Risk Management -Authorization -Continuous Monitoring -Federal Security Requirements Outsourced Systems : Risk management cost savings and increased effectiveness : Interagency vetted approach : Rapid acquisition through consolidated risk management : Consistent application of Federal security requirements FedRAMP: Federal Risk and Authorization Management Program 5
6 Vendor Perspective Coverage of the Federal market Vendor Vendor Acquiring Agencies FedRAMP Products publicly listed as FedRAMP authorized 6
7 Agency Perspective Independent Agency Effort Leveraged Authorization Security Control Selection Security Implementation Security Assessment Authorization Plan of Action and Milestones Monitoring : Large costs : Slower acquisition : Significant effort Review security details Leverage the existing authorization Secure agency usage of system Assurance strengthened through a centralized focused effort : Greatly reduced costs : Enables rapid acquisition : Reduced effort Ability to shift compliance workload to central entity 7
8 Agency Responsibilities Agencies should review FedRAMP authorization packages prior to leveraging them Determine suitability to agencies mission/risk posture Determine if additional security work is needed Agencies should perform agency specific security activities FedRAMP will publish a list of security controls that are the responsibility of the agency (can t be done government-wide) Agencies should maintain their security controls as a separate system 8
9 Vendor Responsibilities Implementation of government-wide baseline security requirements Create and vet system security plan with FedRAMP Arrange for an independent assessment Prepare proposed authorization package Iteratively work with FedRAMP to prepare package for authorization Perform continuous monitoring and periodically provide FedRAMP evidences and artifacts 9
10 Conceptual FedRAMP Case Study Agency X acquires the ZipCloud service from ZipCorp X offloads risk management work to FedRAMP FedRAMP accepts the work, reducing duplicative efforts by the many agencies using ZipCloud ZipCorp performs risk management work once with FedRAMP for ZipCloud Agencies save money and time by leveraging the FedRAMP authorization when acquiring ZipCloud ZipCorp saves money and time by not having to perform independent security efforts with each agency Agencies perform agency specific security work 10
11 Click FedRAMP to edit Components Master title style Security Requirement Authorities Security Requirements Create government-wide baseline for specific domains Interagency developed and approved FedRAMP Office Program Management Authorization package coordination Management of authorized system list Security Reviews and Continuous Monitoring Technical analysis of authorization packages Security measurement Continuous monitoring oversight Joint Authorization Board Risk Acceptance and Authorization Performs authorizations to be leveraged governmentwide Ongoing determination of risk Note: each of the three major components collaborate but maintain independence 11
12 FedRAMP Relationships Joint Authorization Board Security Requirement Authorities FedRAMP Office Government Information System Owners Private Sector Providers 12
13 FedRAMP Interagency Roles FedRAMP Office Managed by GSA OMB liaison: policy coordination NIST liaison: technical advisor role Joint Authorization Board DOD, GSA, DHS + sponsoring agency (of authorized system) Security Requirement Authorities Initially: Federal Cloud Initiative Technical work by the Cloud Computing Security Working Group (CCSWG) Ultimately: ISIMC Working Groups 13
14 System Submission and Selection Process Agencies submit proposed target systems Only services that the agency is using or plans to use Agency sends a memo to FedRAMP with the request FedRAMP will prioritize submissions 1. Systems in use by the government and deemed as high priority by the CIO council or Federal CIO 2. Systems with multiple sponsoring agencies 3. Systems with one sponsoring agency 4. Government developed systems sponsored by the developing agency Within a priority level, the more active or projected users the higher the priority. 14
15 Overview of FedRAMP Responsibilities Activity Responsible Parties Additional Notes Security Requirements System Submission and Selection Authorization Package Creation Security Requirement Authorities Sponsoring agency Service provider Initially CCSWG migrating to ISIMC With FedRAMP prioritization of work With FedRAMP Office guidance System Assessment Independent third party Paid for by service provider Authorization Package Review FedRAMP Office Sponsoring agency assistance Security Authorization Joint Authorization Board Includes DOD, DHS, and GSA plus the sponsoring agency Continuous Monitoring Service provider with FedRAMP oversight Possible agency participation FISMA Reporting Sponsoring agency With FedRAMP input 15
16 Summary of FedRAMP Goals Create a unified risk management process that increases security through focus assessments, eliminates duplication of effort and associated cost savings enables rapid acquisition by leveraging preauthorized solutions, provides agency vetted transparent security requirements and authorization packages, facilitates multi-agency use of shared systems, ensures integration with government-wide security efforts 16
17 Summary of Agency Usage of FedRAMP Agencies retain their authority to use information systems that meet their security needs FedRAMP provides a service where agencies leverage FedRAMP joint authorizations Continuous monitoring services are provided Agencies typically need to perform agency-specific security assessment and authorization activities (only a small fraction of the total authorization work) 17
18 Questions? Presenter Name: Peter Mell Initial FedRAMP Program Manager
19 Supplemental Material FedRAMP processes for assessment, authorization, and continuous monitoring FedRAMP initial focus on cloud computing NIST cloud computing definition NIST cloud framework 19
20 Click Overview to edit of FedRAMP Master title Government-Wide style Risk Management Process Risk Management Framework Steps 1-4 Government Wide Cloud Provider/Independent 3 rd party Activity 1: Categorize Information and Information System Activity 2 : Create Security Specifications (including security control selection) Executed Once per Type Activity 3: Implement Security Controls Activity 4: Assess Security Controls Activity 5: Create Authorization Package Executed Once per System Risk Management Framework Step 5 Government Wide Activity 6: Authorize System Agencies Activity 7: Agency Review and Acceptance of Government Wide Authorization Executed Once per System Executed Once per Agency Risk Management Framework Step 6 See Risk Management Framework (NIST revision 1) for step details Provider Activity 8: Perform Continuous Monitoring Executed Continuously per System Government Wide Activity 9: Monitor and Accept Ongoing Level of Risk Executed Continuously per System
21
22
23
24 The NIST Cloud Definition Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The full extended definition is available at:
25 The NIST Cloud Definition Framework Deployment Models Service Models Essential Characteristics Hybrid Clouds Private Cloud Community Cloud Public Cloud Infrastructure Software as a Platform as a as a Service Service (SaaS) Service (PaaS) (IaaS) On Demand Self-Service Broad Network Access Rapid Elasticity Resource Pooling Measured Service Common Characteristics Massive Scale Homogeneity Virtualization Low Cost Software Resilient Computing Geographic Distribution Service Orientation Advanced Security
26 Click Interagency to edit Effort Master Conducted title style within the Cloud Computing Security Working Group Department of Commerce (DOC) National Institute of Standards and Technology (NIST), Chair Department of Defense (DOD) Defense Information Systems Agency (DISA) National Security Agency (NSA) Department of Education (ED) Department of Energy (DOE) Department of Health and Human Services (HHS) Department of Homeland Security (DHS) Department of Housing and Urban Development (HUD) Department of Justice (DOJ) Department of Labor (DOL) General Services Administration (GSA) Office of Management and Budget (OMB) Social Security Administration (SSA) United States Postal Service (USPS) 26
Introduction to the Federal Risk and Authorization Management Program (FedRAMP)
Introduction to the Federal Risk and Authorization Management Program (FedRAMP) 8/2/2015 Presented by: FedRAMP PMO 1 Today s Training Welcome! This training session is part one of the FedRAMP Training
More informationFedRAMP Security Assessment Framework. Version 2.0
FedRAMP Security Assessment Framework Version 2.0 June 6, 2014 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More informationALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast
21 ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards
More informationFedRAMP Security Assessment Framework. Version 2.1
FedRAMP Security Assessment Framework Version 2.1 December 4, 2015 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationDoes a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More informationFISMAand the Risk Management Framework
FISMAand the Risk Management Framework The New Practice of Federal Cyber Security Stephen D. Gantz Daniel R. Phi I pott Darren Windham, Technical Editor ^jm* ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More informationAkamai White Paper. FedRAMP SM Helps Government Agencies Jumpstart their Journey to the Cloud. FedRAMP. Federal Risk Authorization Management Program
White Paper FedRAMP SM Helps Government Agencies Jumpstart their Journey to the Cloud FedRAMP Federal Risk Authorization Management Program FedRAMP 2 Table of Contents Introduction 3 fedramp overview 3
More informationIMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION
IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION Briefing for OFPP Working Group 19 Feb 2015 Emile Monette GSA Office of Governmentwide Policy emile.monette@gsa.gov Cybersecurity Threats are
More informationCloud First Policy General Directorate of Governance and Operations Version April 2017
General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...
More informationUnited States Government Cloud Standards Perspectives
United States Government Cloud Standards Perspectives in the context of the NIST initiative to collaboratively build a USG Cloud Computing Technology Roadmap NIST Mission: To promote U.S. innovation and
More informationOFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA
OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA 22041-3206 TRICARE MANAGEMENT ACTIVITY MEMORANDUM FOR: SEE DISTRIBUTION SUBJECT:
More informationFuture Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013
Future Shifts in Enterprise Architecture Evolution IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Agenda Terminology & Definitions Evolution to Cloud Cloud Adoption Appendix 2013
More informationGuide to Understanding FedRAMP. Version 2.0
Guide to Understanding FedRAMP Version 2.0 June 6, 2014 Executive Summary The Federal Risk and Authorization Management Program (FedRAMP) provides a costeffective, risk-based approach for the adoption
More informationISOO CUI Overview for ACSAC
ISOO CUI Overview for ACSAC Briefing Outline ISOO Overview Overview of the CUI Program CUI and IT Implementation CUI and NIST Standards and Guidelines NIST SP 800-171 CUI Approach for the Contractor Environment
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationNational Policy and Guiding Principles
National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework
More informationNational Science and Technology Council. Interagency Working Group on Digital Data
National Science and Technology Council Interagency Working Group on Digital Data 1 Interagency Working Group White House Executive Office of the President Office of Science and Technology Policy National
More informationDHS Cloud Strategy and Trade Nexus. May 2011
DHS Cloud Strategy and Trade Nexus May 2011 IT Reform @ DHS Federal Plan Departmental Plan IT Reform @ DHS Action Item 1 Complete detailed implementation plans to consolidate 800 data centers by 2015 2
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationDefense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form
Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form Page 1 of 5 Submitted to DISA s DoD Cloud Support Office by: Signature (Prefer CAC
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationMitigation Framework Leadership Group (MitFLG) Charter DRAFT
Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent
More informationDr. Eng. Antonio Mauro, PhD October 20th 2011
October 20th 2011 NIST Cloud Computing Reference Architecture NIST Cloud Computing Standards Roadmap Special Publication 500-292 September 2011 Document: NIST CCSRWG 092 - First Edition - July 5, 2011
More informationInteragency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008
Interagency Advisory Board HSPD-12 Insights: Past, Present and Future Carol Bales Office of Management and Budget December 2, 2008 Importance of Identity, Credential and Access Management within the Federal
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationContemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance
Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance July 2017 Jeff Roth, CISSP-ISSEP, CISA, CGEIT, QSA Regional Director NCC Group Agenda FedRAMP - Foundations/Frameworks Cloud
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationInformation Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure
This document is scheduled to be published in the Federal Register on 07/18/2017 and available online at https://federalregister.gov/d/2017-15068, and on FDsys.gov 9110-9P P DEPARTMENT OF HOMELAND SECURITY
More informationFederal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan
Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan June 04, 2010 FDCCI Workshop I Agenda for June 4, 2010 1. Welcome Katie Lewin GSA Director Cloud
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationNIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution
NIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution Dr. Michaela Iorga NIST October 2018 A Triple Inflection Point Marked A New
More informationGovernment IT Modernization and the Adoption of Hybrid Cloud
Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationAWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE
AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE 2018 1 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense : February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development
More informationDavid Missouri VP- Governance ISACA
David Missouri VP- Governance ISACA Present-Senior Agency Information Security Officer (SAISO) @GA DJJ 2012-2016 Information System Security Officer (ISSO) @ US DOL WHD 2011-2012 Network Administrator
More informationAbout the DISA Cloud Playbook
Cloud Playbk About the DISA Cloud Playbk Cloud Adopters, As you attempt to help the department move more data into the Cloud, there will be many challenges to overcome and learning to be realized. We
More informationAgency Guide for FedRAMP Authorizations
How to Functionally Reuse an Existing Authorization Version 1.0 August 5, 2015 Revision History Date Version Page(s) Description Author 08/05/2015 1.0 All Initial Publication FedRAMP PMO 06/06/2017 1.0
More informationAB1-3 Keeping People Safe and Secure in Federal Facilities
May 13-14, 2014 Walter E. Washington Convention Center Washington, DC AB1-3 Keeping People Safe and Secure in Federal Facilities Bernard Holt, Deputy Executive Director & Lindsey Blair, Senior Program
More informationFedRAMP Training - Continuous Monitoring (ConMon) Overview
FedRAMP Training - Continuous Monitoring (ConMon) Overview 1. FedRAMP_Training_ConMon_v3_508 1.1 FedRAMP Continuous Monitoring Online Training Splash Screen Transcript Title of FedRAMP logo. Text
More informationCloud Computing and Service-Oriented Architectures
Material and some slide content from: - Atif Kahn SERVICES COMPONENTS OBJECTS MODULES Cloud Computing and Service-Oriented Architectures Reid Holmes Lecture 20 - Tuesday November 23 2010. SOA Service-oriented
More informationThe U.S. National Spatial Data Infrastructure
June 18, 2014 INSPIRE Conference 2014 The U.S. National Spatial Data Infrastructure past present and future Ivan B. DeLoatch Executive Director, Federal Geographic Data Committee U.S. Geological Survey
More informationDISA CLOUD CLOUD SYMPOSIUM
DISA CLOUD P L A Y B O O K CLOUD SYMPOSIUM DISA Cloud Adoption Cycle LEARN CHOOSE BUY CONFIGURE TRANSITION UTILIZE CLOUD CONSUMER What Mission Partners Should Know and Do Cloud Policies Goals (Fit, Leverage,
More informationLeveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group
Leveraging the Cloud for Law Enforcement Richard A. Falkenrath, PhD Principal, The Chertoff Group Law Enforcement Information Management Training Conference & Technology Exposition May 21,2013 Outline
More informationSupporting the Cloud Transformation of Agencies across the Public Sector
SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter
More informationBuilding an Assurance Foundation for 21 st Century Information Systems and Networks
Building an Assurance Foundation for 21 st Century Information Systems and Networks The Role of IT Security Standards, Metrics, and Assessment Programs Dr. Ron Ross National Information Assurance Partnership
More informationOffice of Acquisition Program Management (OAPM)
Office of Acquisition Program Management (OAPM) Ron Gallihugh Assistant Administrator Airport Consultants Council July 18, 2017 Acquisition Reform Historically, Transportation Security Administration (TSA)
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationTEL2813/IS2621 Security Management
TEL2813/IS2621 Security Management James Joshi Associate Professor Lecture 4 + Feb 12, 2014 NIST Risk Management Risk management concept Goal to establish a relationship between aggregated risks from information
More informationIntroduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS September 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationFederal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011
Federal Continuous Monitoring Working Group March 21, 2011 DOJ Cybersecurity Conference 2/8/2011 4/12/2011 Why Continuous Monitoring? Case for Change Strategy Future State Current State Current State Case
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationIntroduction to Cloud Computing. [thoughtsoncloud.com] 1
Introduction to Cloud Computing [thoughtsoncloud.com] 1 Outline What is Cloud Computing? Characteristics of the Cloud Computing model Evolution of Cloud Computing Cloud Computing Architecture Cloud Services:
More informationPractical Guide to Cloud Computing Version 2. Read whitepaper at
Practical Guide to Cloud Computing Version 2 Read whitepaper at www.cloud-council.org/resource-hub Sept, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! 2011/2012 Deliverables
More informationFederal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan
Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan August 10, 2010 FDCCI Agenda August 10 th, 2010 1. Welcome Katie Lewin GSA Director Cloud Computing
More informationSolutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
More informationImplementing Executive Order and Presidential Policy Directive 21
March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy
More informationMarch 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience
This document is scheduled to be published in the Federal Register on 03/25/2016 and available online at http://federalregister.gov/a/2016-06901, and on FDsys.gov March 21, 2016 MEMORANDUM FOR THE HEADS
More informationFedRAMP Digital Identity Requirements. Version 1.0
FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT
More informationCloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson
Presentation to AGA April 20, 2017 Mike Teller Steve Wilson Agenda: What is cloud computing? What are the potential benefits of cloud computing? What are some of the important issues agencies need to consider
More informationCommunications Management Plan Template
Communications Management Plan Template Project Name: U.S. Department of Housing and Urban Development October, 2010 Communications Management Plan Template (V1.0) VERSION HISTORY [Provide information
More informationU.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan
U.S. Japan Internet Economy Industry Forum Joint Statement 2013 October 2013 Keidanren The American Chamber of Commerce in Japan In June 2013, the Abe Administration with the support of industry leaders
More informationINTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE
INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing
More informationPrivacy hacking & Data Theft
Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean Objectives Cloud
More informationThe US National Near-Earth Object Preparedness Strategy and Action Plan
The US National Near-Earth Object Preparedness Strategy and Action Plan Briefing to SMPAG Lindley Johnson Program Executive / Planetary Defense Officer Science Mission Directorate NASA HQ October 18, 2018
More informationCloud Computing and Service-Oriented Architectures
Material and some slide content from: - Atif Kahn SERVICES COMPONENTS OBJECTS MODULES Cloud Computing and Service-Oriented Architectures Reid Holmes Lecture 29 - Friday March 22 2013. Cloud precursors
More informationGuidance for Exchange and Medicaid Information Technology (IT) Systems
Department of Health and Human Services Office of Consumer Information and Insurance Oversight Centers for Medicare & Medicaid Services Guidance for Exchange and Medicaid Information Technology (IT) Systems
More informationContinuous Monitoring & Security Authorization XACTA IA MANAGER: COST SAVINGS AND RETURN ON INVESTMENT IA MANAGER
Continuous Monitoring & Security Authorization XACTA IA MANAGER: COST SAVINGS AND RETURN ON INVESTMENT IA MANAGER Continuous Monitoring & Security Authorization >> TOTAL COST OF OWNERSHIP Xacta IA Manager
More informationMN.IT Services and MNsure
INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT MN.IT Services and MNsure Presentation to Mnsure Executive Board State CIO Carolyn Parnell June 26, 2013 July 2005: Office of Enterprise Technology created.
More informationEmergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:
ESF Coordinator: Homeland Security/National Protection and Programs/Cybersecurity and Communications Primary Agencies: Homeland Security/National Protection and Programs/Cybersecurity and Communications
More informationChapter 4. Fundamental Concepts and Models
Chapter 4. Fundamental Concepts and Models 4.1 Roles and Boundaries 4.2 Cloud Characteristics 4.3 Cloud Delivery Models 4.4 Cloud Deployment Models The upcoming sections cover introductory topic areas
More informationBiometric Standards for DoD Operational Requirements
Biometric Standards for DoD Operational Requirements Mr. Benji Hutchinson James.Hutchinson@hqda.army.mil Biometrics Task Force 28 Feb 2008 1 Overview Rationale for Biometric Standards in DoD BTF Biometric
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Defense Security Service Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development COST
More informationSeptember 2010 Version 0.9
TERMS OF REFERENCE September 2010 Version 0.9 Table of Contents Section 1. Purpose... 1 Section 2. Background... 1 Section 3. Scope... 2 Goals and Objectives... 2 Project Deliverables... 3 Deliverables
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationInnovating with Less Across the Federal IT Portfolio: The Role of Shared Services and Enterprise Architecture
Innovating with Less Across the Federal IT Portfolio: The Role of Shared Services and Enterprise Architecture Scott Bernard, Federal Chief Enterprise Architect The Federal CIO Innovate with Less Maximize
More informationPD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection
PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection December 17, 2003 SUBJECT: Critical Infrastructure Identification, Prioritization,
More informationSection One of the Order: The Cybersecurity of Federal Networks.
Summary and Analysis of the May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Introduction On May 11, 2017, President Donald
More informationBranding Guidance December 17,
Branding Guidance December 17, 2014 1 Executive Summary This document provides guidelines on the use of the FedRAMP name and logo on all FedRAMP marketing and collateral materials. General guidelines are
More informationStreamlined FISMA Compliance For Hosted Information Systems
Streamlined FISMA Compliance For Hosted Information Systems Faster Certification and Accreditation at a Reduced Cost IT-CNP, INC. WWW.GOVDATAHOSTING.COM WHITEPAPER :: Executive Summary Federal, State and
More informationDriving Cloud Governance and Avoiding Cloud Chaos
Driving Cloud Governance and Avoiding Cloud Chaos Key Take Aways What is Cloud Chaos? Why Do You Need Cloud Governance? Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field
More informationActions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650
Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650 President Obama issued Executive Order (EO) 13650 - Improving Chemical
More informationUSGv6: US Government. IPv6 Transition Activities 11/04/2010 DISCOVER THE TRUE VALUE OF TECHNOLOGY
USGv6: US Government Dale Geesey Chief Operating Officer Auspex Technologies, LLC Phone: 703.319.1925 Fax: 866.873.1277 E-mail: dgeesey@auspextech.com Web: www.auspextech.com IPv6 Transition Activities
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationNational Science and Technology Council Committee on Science Subcommittee on Forensic Science. Initial Overview Briefing
National Science and Technology Council Committee on Science Subcommittee on Forensic Science Initial Overview Briefing Revised Order of Presentations Moderators 1. Ken Melson, NSTC Subcommittee, Co-chair
More informationCapgemini Dynamic Services
Capgemini Dynamic Services Evolution and dynamics of Copyright Capgemini 2015. All Rights Reserved 2 GEN 1 Simple IT GEN 2 Full Outsourcing GEN 3 Tower Sourcing GEN NEXT Micro Sourcing Business IT Interface
More informationFISMA Cybersecurity Performance Metrics and Scoring
DOT Cybersecurity Summit FISMA Cybersecurity Performance Metrics and Scoring Office of the Federal Chief Information Officer, OMB OMB Cyber and National Security Unit, OMBCyber@omb.eop.gov 2. Cybersecurity
More informationFedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS. VERSION 1.0 October 20, 2016
FedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS VERSION 1.0 October 20, 2016 MONTH 2015 Table of Contents 1. PURPOSE 3 2. BACKGROUND 3 3. TIMELINESS AND ACCURACY OF TESTING OVERVIEW
More informationThe next generation of knowledge and expertise
The next generation of knowledge and expertise UNDERSTANDING FISMA REPORTING REQUIREMENTS 1 HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404
More information1/10/2011. Topics. What is the Cloud? Cloud Computing
Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing
More informationGAO CYBERSECURITY. Key Challenges Need to Be Addressed to Improve Research and Development. Report to Congressional Requesters
GAO United States Government Accountability Office Report to Congressional Requesters June 2010 CYBERSECURITY Key Challenges Need to Be Addressed to Improve Research and Development GAO-10-466 June 2010
More informationThe Business of Security in the Cloud
The Business of Security in the Cloud Dr. Pamela Fusco Vice President Industry Solutions Solutionary Inc. CISSP, CISM, CHSIII, IAM, NSA/CSS Adjunct Faculty Promises Promises The promise of cloud computing
More informationOctober 30, 2015 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES
October 30, 2015 M-16-04 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: Shaun Donovan Director Tony Scott Federal Chief Information Officer SUBJECT: Cybersecurity Strategy and Implementation
More informationAnalytics in the Cloud Mandate or Option?
Analytics in the Cloud Mandate or Option? Rick Lower Sr. Director of Analytics Alliances Teradata 1 The SAS & Teradata Partnership Overview Partnership began in 2007 to improving analytic performance Teradata
More information