Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel



This interactive session is designed to deliver deeper insights into the Federal Risk and Authorization Management Program (FedRAMP), a U.S. Federal Government-wide initiative intended to provide “a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services” to be used in support of Federal agency operations. The speakers will update attendees on current FedRAMP progress and ongoing initiatives, and give a detailed review of the provisional approval to operate (P-ATO) recently granted to Akamai Technologies. The Akamai approach is distinct among those approved to date by FedRAMP, as it authorizes core cloud services to operate using Akamai’s highly distributed commercial network. While others are focused on government-only cloud environments, Akamai can offer government-wide accreditation and assurance to the defense and civilian agencies it serves. Plan to attend this session to build on your understanding of FedRAMP and the expanding cloud computing options available to agency professionals, regardless of mission or location. See the full Edge Presentation:

Panelists Include: Matthew Goodrich, Matt Mitchell, Christine Schweickert

The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013.

Learn more at

Published in: Technology, Economy & Finance

  1. Federal Risk and Authorization Management Program (FedRAMP)
     • Moderator: Fran Trentley, Akamai
     • Vera Ashworth, US Federal, CGI
     • Christine Schweickert, Akamai
     • Matt Mitchell, Knowledge Consulting Group
  2. Why FedRAMP?
     Problem:
     • A duplicative, inconsistent, time consuming, costly, and inefficient cloud security risk management approach with little incentive to leverage existing Authorizations to Operate (ATOs) among agencies.
     Solution: FedRAMP
     • Uniform risk management approach
     • Standard set of approved, minimum security controls (FISMA Low and Moderate Impact)
     • Consistent assessment process
     • Provisional ATO
  3. FedRAMP Policy Framework
     • Agency ATO: Agencies leverage FedRAMP process; heads of agencies understand, accept risk and grant ATOs
     • FedRAMP Security Requirements: FedRAMP builds upon NIST SPs, establishing common cloud computing baseline supporting risk-based decisions
     • OMB A-130; NIST SP 800-37, 800-137, 800-53: OMB A-130 provides policy, NIST Special Publications provide risk management framework
     • eGov Act of 2002 includes Federal Information Security Management Act (FISMA): Congress passes FISMA as part of 2002 eGov Act
  4. FedRAMP Authorizations
     Mandatory Federal Requirement
     • OMB Policy Memo – December 2011.
     • Mandates FedRAMP compliance for all cloud services used by the Federal government.
     Granting Authorizations
     • Federal agencies are required by FISMA to individually grant an ATO.
     • Federal agencies must ensure all cloud providers they use meet the FedRAMP requirements.
     Authorizations that meet the FedRAMP requirements:
     • Address the FedRAMP baseline controls
     • Use the mandatory FedRAMP templates
     • Are listed within the FedRAMP repository
     • Have an ATO letter on file with FedRAMP PMO
  5. JAB FedRAMP Governance Model: Focus on Security and Transparency
     In October 2010, the White House launched the Federal Risk and Authorization Management Program (FedRAMP℠)
     • Provides framework for a standard and secure approach to Assessing and Authorizing (A&A) cloud computing services and products
     • Allows joint authorizations and continuous security monitoring services for Government/Private cloud computing systems intended for multi-agency use
     ©2013 AKAMAI | FASTER FORWARD™
     CGI Proprietary Information
  6. Only 1 Path to ATO is JAB Granted & Requires Continuous Monitoring, Future FedRAMP Compliance
     • Higher Level of Review (lower risk for Government)
  7. Total Cost of Ownership: Who Pays Over Time?
     Look beyond compute cost comparisons to know what you are signing up for in the long term
  8. Akamai FedRAMP
     Akamai was awarded a JAB P-ATO on August 26, 2013 under FedRAMP assessment package number F1206061353. Akamai C&A documentation will be found in the FedRAMP repository. Our Government customers should plan on leveraging the FedRAMP repository to view our SSP and associated documentation. This link shows the process:
     Service Name: Akamai Content Delivery Network (Akamai CDN)
     Service Model: Infrastructure as a Service (IaaS)
     Deployment Model: Public Cloud
     The Akamai FedRAMP accreditation boundary includes:
     • the HTTP (Content Delivery) Edge Servers
     • the HTTPS (Secure Content Delivery) Edge servers
     • NetStorage
     • HD Streaming
     • Global Traffic Management (GTM) System
     • Enhanced DNS Service with DNSSEC
     • the Luna Control Center Portal
     • Additionally, the Akamai NOCC, Akamai Domain Name Servers, and the Akamai internal systems: KMI, Authgate, and AMS.
     Impact Level: Moderate
     Authorization Date: August 22, 2013 (JAB Provisional Authorization)
     Package ID: F1206061353
     3PAO: Knowledge Consulting Group, Inc. (KCG) (FedRAMP Accredited)
     Contact Information: Christine Schweickert
  9. One of the largest pure cyber security services companies
     • Over 260 information security professionals
     • Expertise in each of the major domains of cybersecurity:
       • Governance & Risk Management
       • Compliance
       • Operations
       • Cyber attack simulation and exploitation
     • Supporting over 15 agencies along with leading private sector clients:
       • Hi-tech
       • Financial services
       • Cloud providers
       • Power and energy
     Matt Mitchell: Director, Risk Advisory Services
     Contact:
     • Leads KCG’s FedRAMP services practice
     • 15 years of public and private security experience
     • Currently supporting leading cloud providers:
       • Develop and execute cloud security and compliance management strategies
       • Implement security, compliance, and risk management programs
       • Implement security governance and workforce transformation programs
       • Build and manage rationalized compliance control frameworks: FedRAMP, NIST, PCI DSS, SOC2, SOX, HIPAA, ISO, BITS
  10. Federal Risk and Authorization Management Program (FedRAMP)
     • Moderator: Fran Trentley, Akamai
     • Vera Ashworth, US Federal, CGI
     • Christine Schweickert, Akamai
     • Matt Mitchell, Knowledge Consulting Group