Click to edit Master title style

Size: px
Start display at page:

Download "Click to edit Master title style"

Transcription

1 Federal Risk and Authorization Management Program Presenter Name: Peter Mell, Initial FedRAMP Program Manager FedRAMP Interagency Effort Started: October 2009 Created under the Federal Cloud Initiative 1

2 The Problem Statement Problem: How do we best perform security authorization and continuous monitoring for large outsourced and multi-agency systems? Government is increasing its use of large shared and outsourced systems Technical drivers: the move to cloud computing, virtualization, service orientation, and web 2.0 Cost savings: through datacenter and application consolidation Independent agency risk management of shared systems causes problems and inefficiencies 2

3 Click The Problem: to edit Master Independent title style Agency Risk Management of Shared Systems Federal Agencies : Duplicative risk management efforts : Incompatible agency policies : Acquisition slowed by lengthy compliance processes Outsourced Systems : Potential for inconsistent application of Federal security requirements 3

4 The Solution: FedRAMP Federal Risk and Authorization Management Program A government-wide initiative to provide joint authorizations and continuous security monitoring services Unified government-wide risk management Agencies would leverage FedRAMP authorizations (when applicable) This does not supplant existing agency authority to use systems that meet their security needs Initial focus on cloud computing 4

5 Click The Solution: to edit Master Government-wide title style Risk Management of Shared Systems Federal Agencies FedRAMP Risk Management -Authorization -Continuous Monitoring -Federal Security Requirements Outsourced Systems : Risk management cost savings and increased effectiveness : Interagency vetted approach : Rapid acquisition through consolidated risk management : Consistent application of Federal security requirements FedRAMP: Federal Risk and Authorization Management Program 5

6 Vendor Perspective Coverage of the Federal market Vendor Vendor Acquiring Agencies FedRAMP Products publicly listed as FedRAMP authorized 6

7 Agency Perspective Independent Agency Effort Leveraged Authorization Security Control Selection Security Implementation Security Assessment Authorization Plan of Action and Milestones Monitoring : Large costs : Slower acquisition : Significant effort Review security details Leverage the existing authorization Secure agency usage of system Assurance strengthened through a centralized focused effort : Greatly reduced costs : Enables rapid acquisition : Reduced effort Ability to shift compliance workload to central entity 7

8 Agency Responsibilities Agencies should review FedRAMP authorization packages prior to leveraging them Determine suitability to agencies mission/risk posture Determine if additional security work is needed Agencies should perform agency specific security activities FedRAMP will publish a list of security controls that are the responsibility of the agency (can t be done government-wide) Agencies should maintain their security controls as a separate system 8

9 Vendor Responsibilities Implementation of government-wide baseline security requirements Create and vet system security plan with FedRAMP Arrange for an independent assessment Prepare proposed authorization package Iteratively work with FedRAMP to prepare package for authorization Perform continuous monitoring and periodically provide FedRAMP evidences and artifacts 9

10 Conceptual FedRAMP Case Study Agency X acquires the ZipCloud service from ZipCorp X offloads risk management work to FedRAMP FedRAMP accepts the work, reducing duplicative efforts by the many agencies using ZipCloud ZipCorp performs risk management work once with FedRAMP for ZipCloud Agencies save money and time by leveraging the FedRAMP authorization when acquiring ZipCloud ZipCorp saves money and time by not having to perform independent security efforts with each agency Agencies perform agency specific security work 10

11 Click FedRAMP to edit Components Master title style Security Requirement Authorities Security Requirements Create government-wide baseline for specific domains Interagency developed and approved FedRAMP Office Program Management Authorization package coordination Management of authorized system list Security Reviews and Continuous Monitoring Technical analysis of authorization packages Security measurement Continuous monitoring oversight Joint Authorization Board Risk Acceptance and Authorization Performs authorizations to be leveraged governmentwide Ongoing determination of risk Note: each of the three major components collaborate but maintain independence 11

12 FedRAMP Relationships Joint Authorization Board Security Requirement Authorities FedRAMP Office Government Information System Owners Private Sector Providers 12

13 FedRAMP Interagency Roles FedRAMP Office Managed by GSA OMB liaison: policy coordination NIST liaison: technical advisor role Joint Authorization Board DOD, GSA, DHS + sponsoring agency (of authorized system) Security Requirement Authorities Initially: Federal Cloud Initiative Technical work by the Cloud Computing Security Working Group (CCSWG) Ultimately: ISIMC Working Groups 13

14 System Submission and Selection Process Agencies submit proposed target systems Only services that the agency is using or plans to use Agency sends a memo to FedRAMP with the request FedRAMP will prioritize submissions 1. Systems in use by the government and deemed as high priority by the CIO council or Federal CIO 2. Systems with multiple sponsoring agencies 3. Systems with one sponsoring agency 4. Government developed systems sponsored by the developing agency Within a priority level, the more active or projected users the higher the priority. 14

15 Overview of FedRAMP Responsibilities Activity Responsible Parties Additional Notes Security Requirements System Submission and Selection Authorization Package Creation Security Requirement Authorities Sponsoring agency Service provider Initially CCSWG migrating to ISIMC With FedRAMP prioritization of work With FedRAMP Office guidance System Assessment Independent third party Paid for by service provider Authorization Package Review FedRAMP Office Sponsoring agency assistance Security Authorization Joint Authorization Board Includes DOD, DHS, and GSA plus the sponsoring agency Continuous Monitoring Service provider with FedRAMP oversight Possible agency participation FISMA Reporting Sponsoring agency With FedRAMP input 15

16 Summary of FedRAMP Goals Create a unified risk management process that increases security through focus assessments, eliminates duplication of effort and associated cost savings enables rapid acquisition by leveraging preauthorized solutions, provides agency vetted transparent security requirements and authorization packages, facilitates multi-agency use of shared systems, ensures integration with government-wide security efforts 16

17 Summary of Agency Usage of FedRAMP Agencies retain their authority to use information systems that meet their security needs FedRAMP provides a service where agencies leverage FedRAMP joint authorizations Continuous monitoring services are provided Agencies typically need to perform agency-specific security assessment and authorization activities (only a small fraction of the total authorization work) 17

18 Questions? Presenter Name: Peter Mell Initial FedRAMP Program Manager

19 Supplemental Material FedRAMP processes for assessment, authorization, and continuous monitoring FedRAMP initial focus on cloud computing NIST cloud computing definition NIST cloud framework 19

20 Click Overview to edit of FedRAMP Master title Government-Wide style Risk Management Process Risk Management Framework Steps 1-4 Government Wide Cloud Provider/Independent 3 rd party Activity 1: Categorize Information and Information System Activity 2 : Create Security Specifications (including security control selection) Executed Once per Type Activity 3: Implement Security Controls Activity 4: Assess Security Controls Activity 5: Create Authorization Package Executed Once per System Risk Management Framework Step 5 Government Wide Activity 6: Authorize System Agencies Activity 7: Agency Review and Acceptance of Government Wide Authorization Executed Once per System Executed Once per Agency Risk Management Framework Step 6 See Risk Management Framework (NIST revision 1) for step details Provider Activity 8: Perform Continuous Monitoring Executed Continuously per System Government Wide Activity 9: Monitor and Accept Ongoing Level of Risk Executed Continuously per System

21

22

23

24 The NIST Cloud Definition Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The full extended definition is available at:

25 The NIST Cloud Definition Framework Deployment Models Service Models Essential Characteristics Hybrid Clouds Private Cloud Community Cloud Public Cloud Infrastructure Software as a Platform as a as a Service Service (SaaS) Service (PaaS) (IaaS) On Demand Self-Service Broad Network Access Rapid Elasticity Resource Pooling Measured Service Common Characteristics Massive Scale Homogeneity Virtualization Low Cost Software Resilient Computing Geographic Distribution Service Orientation Advanced Security

26 Click Interagency to edit Effort Master Conducted title style within the Cloud Computing Security Working Group Department of Commerce (DOC) National Institute of Standards and Technology (NIST), Chair Department of Defense (DOD) Defense Information Systems Agency (DISA) National Security Agency (NSA) Department of Education (ED) Department of Energy (DOE) Department of Health and Human Services (HHS) Department of Homeland Security (DHS) Department of Housing and Urban Development (HUD) Department of Justice (DOJ) Department of Labor (DOL) General Services Administration (GSA) Office of Management and Budget (OMB) Social Security Administration (SSA) United States Postal Service (USPS) 26

Introduction to the Federal Risk and Authorization Management Program (FedRAMP)

Introduction to the Federal Risk and Authorization Management Program (FedRAMP) Introduction to the Federal Risk and Authorization Management Program (FedRAMP) 8/2/2015 Presented by: FedRAMP PMO 1 Today s Training Welcome! This training session is part one of the FedRAMP Training

More information

FedRAMP Security Assessment Framework. Version 2.0

FedRAMP Security Assessment Framework. Version 2.0 FedRAMP Security Assessment Framework Version 2.0 June 6, 2014 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management

More information

ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast

ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast 21 ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards

More information

FedRAMP Security Assessment Framework. Version 2.1

FedRAMP Security Assessment Framework. Version 2.1 FedRAMP Security Assessment Framework Version 2.1 December 4, 2015 Executive Summary This document describes a general Security Assessment Framework (SAF) for the Federal Risk and Authorization Management

More information

10 Considerations for a Cloud Procurement. March 2017

10 Considerations for a Cloud Procurement. March 2017 10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents

More information

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,

More information

FISMAand the Risk Management Framework

FISMAand the Risk Management Framework FISMAand the Risk Management Framework The New Practice of Federal Cyber Security Stephen D. Gantz Daniel R. Phi I pott Darren Windham, Technical Editor ^jm* ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON

More information

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening

More information

Akamai White Paper. FedRAMP SM Helps Government Agencies Jumpstart their Journey to the Cloud. FedRAMP. Federal Risk Authorization Management Program

Akamai White Paper. FedRAMP SM Helps Government Agencies Jumpstart their Journey to the Cloud. FedRAMP. Federal Risk Authorization Management Program White Paper FedRAMP SM Helps Government Agencies Jumpstart their Journey to the Cloud FedRAMP Federal Risk Authorization Management Program FedRAMP 2 Table of Contents Introduction 3 fedramp overview 3

More information

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION Briefing for OFPP Working Group 19 Feb 2015 Emile Monette GSA Office of Governmentwide Policy emile.monette@gsa.gov Cybersecurity Threats are

More information

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Cloud First Policy General Directorate of Governance and Operations Version April 2017 General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...

More information

United States Government Cloud Standards Perspectives

United States Government Cloud Standards Perspectives United States Government Cloud Standards Perspectives in the context of the NIST initiative to collaboratively build a USG Cloud Computing Technology Roadmap NIST Mission: To promote U.S. innovation and

More information

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA 22041-3206 TRICARE MANAGEMENT ACTIVITY MEMORANDUM FOR: SEE DISTRIBUTION SUBJECT:

More information

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Future Shifts in Enterprise Architecture Evolution IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Agenda Terminology & Definitions Evolution to Cloud Cloud Adoption Appendix 2013

More information

Guide to Understanding FedRAMP. Version 2.0

Guide to Understanding FedRAMP. Version 2.0 Guide to Understanding FedRAMP Version 2.0 June 6, 2014 Executive Summary The Federal Risk and Authorization Management Program (FedRAMP) provides a costeffective, risk-based approach for the adoption

More information

ISOO CUI Overview for ACSAC

ISOO CUI Overview for ACSAC ISOO CUI Overview for ACSAC Briefing Outline ISOO Overview Overview of the CUI Program CUI and IT Implementation CUI and NIST Standards and Guidelines NIST SP 800-171 CUI Approach for the Contractor Environment

More information

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive

More information

National Policy and Guiding Principles

National Policy and Guiding Principles National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework

More information

National Science and Technology Council. Interagency Working Group on Digital Data

National Science and Technology Council. Interagency Working Group on Digital Data National Science and Technology Council Interagency Working Group on Digital Data 1 Interagency Working Group White House Executive Office of the President Office of Science and Technology Policy National

More information

DHS Cloud Strategy and Trade Nexus. May 2011

DHS Cloud Strategy and Trade Nexus. May 2011 DHS Cloud Strategy and Trade Nexus May 2011 IT Reform @ DHS Federal Plan Departmental Plan IT Reform @ DHS Action Item 1 Complete detailed implementation plans to consolidate 800 data centers by 2015 2

More information

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

FedRAMP: Understanding Agency and Cloud Provider Responsibilities May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration

More information

Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form

Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form Page 1 of 5 Submitted to DISA s DoD Cloud Support Office by: Signature (Prefer CAC

More information

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,

More information

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent

More information

Dr. Eng. Antonio Mauro, PhD October 20th 2011

Dr. Eng. Antonio Mauro, PhD October 20th 2011 October 20th 2011 NIST Cloud Computing Reference Architecture NIST Cloud Computing Standards Roadmap Special Publication 500-292 September 2011 Document: NIST CCSRWG 092 - First Edition - July 5, 2011

More information

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008 Interagency Advisory Board HSPD-12 Insights: Past, Present and Future Carol Bales Office of Management and Budget December 2, 2008 Importance of Identity, Credential and Access Management within the Federal

More information

Copyright 2011 EMC Corporation. All rights reserved.

Copyright 2011 EMC Corporation. All rights reserved. 1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145

More information

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding

More information

Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance

Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance July 2017 Jeff Roth, CISSP-ISSEP, CISA, CGEIT, QSA Regional Director NCC Group Agenda FedRAMP - Foundations/Frameworks Cloud

More information

Introduction to AWS GoldBase

Introduction to AWS GoldBase Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure This document is scheduled to be published in the Federal Register on 07/18/2017 and available online at https://federalregister.gov/d/2017-15068, and on FDsys.gov 9110-9P P DEPARTMENT OF HOMELAND SECURITY

More information

Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan

Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan June 04, 2010 FDCCI Workshop I Agenda for June 4, 2010 1. Welcome Katie Lewin GSA Director Cloud

More information

ISAO SO Product Outline

ISAO SO Product Outline Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing

More information

NIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution

NIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution NIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution Dr. Michaela Iorga NIST October 2018 A Triple Inflection Point Marked A New

More information

Government IT Modernization and the Adoption of Hybrid Cloud

Government IT Modernization and the Adoption of Hybrid Cloud Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments

More information

The Office of Infrastructure Protection

The Office of Infrastructure Protection The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape

More information

MIS Week 9 Host Hardening

MIS Week 9 Host Hardening MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls

More information

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE 2018 1 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents

More information

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

UNCLASSIFIED. FY 2016 Base FY 2016 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense : February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development

More information

David Missouri VP- Governance ISACA

David Missouri VP- Governance ISACA David Missouri VP- Governance ISACA Present-Senior Agency Information Security Officer (SAISO) @GA DJJ 2012-2016 Information System Security Officer (ISSO) @ US DOL WHD 2011-2012 Network Administrator

More information

About the DISA Cloud Playbook

About the DISA Cloud Playbook Cloud Playbk About the DISA Cloud Playbk Cloud Adopters, As you attempt to help the department move more data into the Cloud, there will be many challenges to overcome and learning to be realized. We

More information

Agency Guide for FedRAMP Authorizations

Agency Guide for FedRAMP Authorizations How to Functionally Reuse an Existing Authorization Version 1.0 August 5, 2015 Revision History Date Version Page(s) Description Author 08/05/2015 1.0 All Initial Publication FedRAMP PMO 06/06/2017 1.0

More information

AB1-3 Keeping People Safe and Secure in Federal Facilities

AB1-3 Keeping People Safe and Secure in Federal Facilities May 13-14, 2014 Walter E. Washington Convention Center Washington, DC AB1-3 Keeping People Safe and Secure in Federal Facilities Bernard Holt, Deputy Executive Director & Lindsey Blair, Senior Program

More information

FedRAMP Training - Continuous Monitoring (ConMon) Overview

FedRAMP Training - Continuous Monitoring (ConMon) Overview FedRAMP Training - Continuous Monitoring (ConMon) Overview 1. FedRAMP_Training_ConMon_v3_508 1.1 FedRAMP Continuous Monitoring Online Training Splash Screen Transcript Title of FedRAMP logo. Text

More information

Cloud Computing and Service-Oriented Architectures

Cloud Computing and Service-Oriented Architectures Material and some slide content from: - Atif Kahn SERVICES COMPONENTS OBJECTS MODULES Cloud Computing and Service-Oriented Architectures Reid Holmes Lecture 20 - Tuesday November 23 2010. SOA Service-oriented

More information

The U.S. National Spatial Data Infrastructure

The U.S. National Spatial Data Infrastructure June 18, 2014 INSPIRE Conference 2014 The U.S. National Spatial Data Infrastructure past present and future Ivan B. DeLoatch Executive Director, Federal Geographic Data Committee U.S. Geological Survey

More information

DISA CLOUD CLOUD SYMPOSIUM

DISA CLOUD CLOUD SYMPOSIUM DISA CLOUD P L A Y B O O K CLOUD SYMPOSIUM DISA Cloud Adoption Cycle LEARN CHOOSE BUY CONFIGURE TRANSITION UTILIZE CLOUD CONSUMER What Mission Partners Should Know and Do Cloud Policies Goals (Fit, Leverage,

More information

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group Leveraging the Cloud for Law Enforcement Richard A. Falkenrath, PhD Principal, The Chertoff Group Law Enforcement Information Management Training Conference & Technology Exposition May 21,2013 Outline

More information

Supporting the Cloud Transformation of Agencies across the Public Sector

Supporting the Cloud Transformation of Agencies across the Public Sector SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter

More information

Building an Assurance Foundation for 21 st Century Information Systems and Networks

Building an Assurance Foundation for 21 st Century Information Systems and Networks Building an Assurance Foundation for 21 st Century Information Systems and Networks The Role of IT Security Standards, Metrics, and Assessment Programs Dr. Ron Ross National Information Assurance Partnership

More information

Office of Acquisition Program Management (OAPM)

Office of Acquisition Program Management (OAPM) Office of Acquisition Program Management (OAPM) Ron Gallihugh Assistant Administrator Airport Consultants Council July 18, 2017 Acquisition Reform Historically, Transportation Security Administration (TSA)

More information

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS

More information

TEL2813/IS2621 Security Management

TEL2813/IS2621 Security Management TEL2813/IS2621 Security Management James Joshi Associate Professor Lecture 4 + Feb 12, 2014 NIST Risk Management Risk management concept Goal to establish a relationship between aggregated risks from information

More information

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS September 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document

More information

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011 Federal Continuous Monitoring Working Group March 21, 2011 DOJ Cybersecurity Conference 2/8/2011 4/12/2011 Why Continuous Monitoring? Case for Change Strategy Future State Current State Current State Case

More information

IT-CNP, Inc. Capability Statement

IT-CNP, Inc. Capability Statement Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government

More information

COMPLIANCE IN THE CLOUD

COMPLIANCE IN THE CLOUD COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638

More information

Introduction to Cloud Computing. [thoughtsoncloud.com] 1

Introduction to Cloud Computing. [thoughtsoncloud.com] 1 Introduction to Cloud Computing [thoughtsoncloud.com] 1 Outline What is Cloud Computing? Characteristics of the Cloud Computing model Evolution of Cloud Computing Cloud Computing Architecture Cloud Services:

More information

Practical Guide to Cloud Computing Version 2. Read whitepaper at

Practical Guide to Cloud Computing Version 2. Read whitepaper at Practical Guide to Cloud Computing Version 2 Read whitepaper at www.cloud-council.org/resource-hub Sept, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! 2011/2012 Deliverables

More information

Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan

Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan August 10, 2010 FDCCI Agenda August 10 th, 2010 1. Welcome Katie Lewin GSA Director Cloud Computing

More information

Solutions Technology, Inc. (STI) Corporate Capability Brief

Solutions Technology, Inc. (STI) Corporate Capability Brief Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned

More information

Implementing Executive Order and Presidential Policy Directive 21

Implementing Executive Order and Presidential Policy Directive 21 March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy

More information

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience This document is scheduled to be published in the Federal Register on 03/25/2016 and available online at http://federalregister.gov/a/2016-06901, and on FDsys.gov March 21, 2016 MEMORANDUM FOR THE HEADS

More information

FedRAMP Digital Identity Requirements. Version 1.0

FedRAMP Digital Identity Requirements. Version 1.0 FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT

More information

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson Presentation to AGA April 20, 2017 Mike Teller Steve Wilson Agenda: What is cloud computing? What are the potential benefits of cloud computing? What are some of the important issues agencies need to consider

More information

Communications Management Plan Template

Communications Management Plan Template Communications Management Plan Template Project Name: U.S. Department of Housing and Urban Development October, 2010 Communications Management Plan Template (V1.0) VERSION HISTORY [Provide information

More information

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan U.S. Japan Internet Economy Industry Forum Joint Statement 2013 October 2013 Keidanren The American Chamber of Commerce in Japan In June 2013, the Abe Administration with the support of industry leaders

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information

Privacy hacking & Data Theft

Privacy hacking & Data Theft Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean Objectives Cloud

More information

The US National Near-Earth Object Preparedness Strategy and Action Plan

The US National Near-Earth Object Preparedness Strategy and Action Plan The US National Near-Earth Object Preparedness Strategy and Action Plan Briefing to SMPAG Lindley Johnson Program Executive / Planetary Defense Officer Science Mission Directorate NASA HQ October 18, 2018

More information

Cloud Computing and Service-Oriented Architectures

Cloud Computing and Service-Oriented Architectures Material and some slide content from: - Atif Kahn SERVICES COMPONENTS OBJECTS MODULES Cloud Computing and Service-Oriented Architectures Reid Holmes Lecture 29 - Friday March 22 2013. Cloud precursors

More information

Guidance for Exchange and Medicaid Information Technology (IT) Systems

Guidance for Exchange and Medicaid Information Technology (IT) Systems Department of Health and Human Services Office of Consumer Information and Insurance Oversight Centers for Medicare & Medicaid Services Guidance for Exchange and Medicaid Information Technology (IT) Systems

More information

Continuous Monitoring & Security Authorization XACTA IA MANAGER: COST SAVINGS AND RETURN ON INVESTMENT IA MANAGER

Continuous Monitoring & Security Authorization XACTA IA MANAGER: COST SAVINGS AND RETURN ON INVESTMENT IA MANAGER Continuous Monitoring & Security Authorization XACTA IA MANAGER: COST SAVINGS AND RETURN ON INVESTMENT IA MANAGER Continuous Monitoring & Security Authorization >> TOTAL COST OF OWNERSHIP Xacta IA Manager

More information

MN.IT Services and MNsure

MN.IT Services and MNsure INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT MN.IT Services and MNsure Presentation to Mnsure Executive Board State CIO Carolyn Parnell June 26, 2013 July 2005: Office of Enterprise Technology created.

More information

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies: ESF Coordinator: Homeland Security/National Protection and Programs/Cybersecurity and Communications Primary Agencies: Homeland Security/National Protection and Programs/Cybersecurity and Communications

More information

Chapter 4. Fundamental Concepts and Models

Chapter 4. Fundamental Concepts and Models Chapter 4. Fundamental Concepts and Models 4.1 Roles and Boundaries 4.2 Cloud Characteristics 4.3 Cloud Delivery Models 4.4 Cloud Deployment Models The upcoming sections cover introductory topic areas

More information

Biometric Standards for DoD Operational Requirements

Biometric Standards for DoD Operational Requirements Biometric Standards for DoD Operational Requirements Mr. Benji Hutchinson James.Hutchinson@hqda.army.mil Biometrics Task Force 28 Feb 2008 1 Overview Rationale for Biometric Standards in DoD BTF Biometric

More information

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

UNCLASSIFIED. FY 2016 Base FY 2016 OCO Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Defense Security Service Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development COST

More information

September 2010 Version 0.9

September 2010 Version 0.9 TERMS OF REFERENCE September 2010 Version 0.9 Table of Contents Section 1. Purpose... 1 Section 2. Background... 1 Section 3. Scope... 2 Goals and Objectives... 2 Project Deliverables... 3 Deliverables

More information

Cybersecurity & Privacy Enhancements

Cybersecurity & Privacy Enhancements Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their

More information

Innovating with Less Across the Federal IT Portfolio: The Role of Shared Services and Enterprise Architecture

Innovating with Less Across the Federal IT Portfolio: The Role of Shared Services and Enterprise Architecture Innovating with Less Across the Federal IT Portfolio: The Role of Shared Services and Enterprise Architecture Scott Bernard, Federal Chief Enterprise Architect The Federal CIO Innovate with Less Maximize

More information

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection December 17, 2003 SUBJECT: Critical Infrastructure Identification, Prioritization,

More information

Section One of the Order: The Cybersecurity of Federal Networks.

Section One of the Order: The Cybersecurity of Federal Networks. Summary and Analysis of the May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Introduction On May 11, 2017, President Donald

More information

Branding Guidance December 17,

Branding Guidance December 17, Branding Guidance December 17, 2014 1 Executive Summary This document provides guidelines on the use of the FedRAMP name and logo on all FedRAMP marketing and collateral materials. General guidelines are

More information

Streamlined FISMA Compliance For Hosted Information Systems

Streamlined FISMA Compliance For Hosted Information Systems Streamlined FISMA Compliance For Hosted Information Systems Faster Certification and Accreditation at a Reduced Cost IT-CNP, INC. WWW.GOVDATAHOSTING.COM WHITEPAPER :: Executive Summary Federal, State and

More information

Driving Cloud Governance and Avoiding Cloud Chaos

Driving Cloud Governance and Avoiding Cloud Chaos Driving Cloud Governance and Avoiding Cloud Chaos Key Take Aways What is Cloud Chaos? Why Do You Need Cloud Governance? Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field

More information

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650 Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650 President Obama issued Executive Order (EO) 13650 - Improving Chemical

More information

USGv6: US Government. IPv6 Transition Activities 11/04/2010 DISCOVER THE TRUE VALUE OF TECHNOLOGY

USGv6: US Government. IPv6 Transition Activities 11/04/2010 DISCOVER THE TRUE VALUE OF TECHNOLOGY USGv6: US Government Dale Geesey Chief Operating Officer Auspex Technologies, LLC Phone: 703.319.1925 Fax: 866.873.1277 E-mail: dgeesey@auspextech.com Web: www.auspextech.com IPv6 Transition Activities

More information

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby

More information

National Science and Technology Council Committee on Science Subcommittee on Forensic Science. Initial Overview Briefing

National Science and Technology Council Committee on Science Subcommittee on Forensic Science. Initial Overview Briefing National Science and Technology Council Committee on Science Subcommittee on Forensic Science Initial Overview Briefing Revised Order of Presentations Moderators 1. Ken Melson, NSTC Subcommittee, Co-chair

More information

Capgemini Dynamic Services

Capgemini Dynamic Services Capgemini Dynamic Services Evolution and dynamics of Copyright Capgemini 2015. All Rights Reserved 2 GEN 1 Simple IT GEN 2 Full Outsourcing GEN 3 Tower Sourcing GEN NEXT Micro Sourcing Business IT Interface

More information

FISMA Cybersecurity Performance Metrics and Scoring

FISMA Cybersecurity Performance Metrics and Scoring DOT Cybersecurity Summit FISMA Cybersecurity Performance Metrics and Scoring Office of the Federal Chief Information Officer, OMB OMB Cyber and National Security Unit, OMBCyber@omb.eop.gov 2. Cybersecurity

More information

FedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS. VERSION 1.0 October 20, 2016

FedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS. VERSION 1.0 October 20, 2016 FedRAMP JAB P-ATO Process TIMELINESS AND ACCURACY OF TESTING REQUIREMENTS VERSION 1.0 October 20, 2016 MONTH 2015 Table of Contents 1. PURPOSE 3 2. BACKGROUND 3 3. TIMELINESS AND ACCURACY OF TESTING OVERVIEW

More information

The next generation of knowledge and expertise

The next generation of knowledge and expertise The next generation of knowledge and expertise UNDERSTANDING FISMA REPORTING REQUIREMENTS 1 HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404

More information

1/10/2011. Topics. What is the Cloud? Cloud Computing

1/10/2011. Topics. What is the Cloud? Cloud Computing Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing

More information

GAO CYBERSECURITY. Key Challenges Need to Be Addressed to Improve Research and Development. Report to Congressional Requesters

GAO CYBERSECURITY. Key Challenges Need to Be Addressed to Improve Research and Development. Report to Congressional Requesters GAO United States Government Accountability Office Report to Congressional Requesters June 2010 CYBERSECURITY Key Challenges Need to Be Addressed to Improve Research and Development GAO-10-466 June 2010

More information

The Business of Security in the Cloud

The Business of Security in the Cloud The Business of Security in the Cloud Dr. Pamela Fusco Vice President Industry Solutions Solutionary Inc. CISSP, CISM, CHSIII, IAM, NSA/CSS Adjunct Faculty Promises Promises The promise of cloud computing

More information

October 30, 2015 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

October 30, 2015 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES October 30, 2015 M-16-04 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: Shaun Donovan Director Tony Scott Federal Chief Information Officer SUBJECT: Cybersecurity Strategy and Implementation

More information

Analytics in the Cloud Mandate or Option?

Analytics in the Cloud Mandate or Option? Analytics in the Cloud Mandate or Option? Rick Lower Sr. Director of Analytics Alliances Teradata 1 The SAS & Teradata Partnership Overview Partnership began in 2007 to improving analytic performance Teradata

More information