SlideShare a Scribd company logo

Ignyte - US Sovereign Cloud Computing

Ignyte Assurance Platform
Ignyte Assurance Platform

US Sovereign Cloud Computing. What it is and how it will effect the future of your business.

Technology
1 of 22
Download to read offline
US Sovereign Cloud Computing 01 March 2023
Agenda ● What is a Sovereign Cloud Computing? ● National & Local Impact ● Restricted Data ● Summary ● Q&A
• Enterprise Risk Leader 15 years of Business and Security Technology Leadership experience • Corporate cyber security experience — FIS, NCR, IBM, Dell, Credit Unions, etc…. • R&D & Model development — Trusted Platform Module (TPM) Chip Development, Air Force Tech Transfer, Citrix patent (team member) • Federal agency cyber experience — USAF, Army, Navy, DOS, NRO, NGA, CIA, NSA, NASIC and others units for system accreditations Max Aulakh, MBA, CISSP, CISA, CRISC Managing Director Formal Education & Credentials • Wright State University — MBA (2014) • American Military University — B.S Information Security, Computer Science (2009) • Community College of the Air Force — Criminal Justice (2009) • Cyber & Technology Industry Credentials: CISSP, PMP, Linux+, Security+, Network+, ITIL-F, Certified Scrum Master ✔ Cigital Defensive Programming, OWASP, Threat Modeling, etc.. ✔ Cyber Regulatory/Frameworks — CMMC, NIST, HIPAA, HITRUST, SOC 1/2, CIS, FFIEC, ISO 27K, FISMA • Formal Military Physical Security Training: Counter Terrorism, HAZMAT, Explosive Ordinance, Customs, Use of Force, LOAC, Force Protection, Combat Leadership, Ground Defense Command, SERE, Bloodborne Pathogens • Formalized Weapon Systems Training: M9, M4, M2, M249 & M240B US Military Operational – Strategic Tour of Duties 2007-2009: Iraq — Security Forces Leadership 2006-2007: Afghanistan — Security Forces Member/Forward Deployed Military Linguist (Hindi, Urdu & Punjabi) 2005-2006: Iraq — Security Forces/Classified Systems Member 2003-2005: Turkey — US Nuclear Weapons Systems Administrator & Security Member max@ignyteplatform.com I 937-789-4216 I https://www.linkedin.com/in/maxaulakh/ Cyber & Technology Industry Credentials • CISSP • PMP • Linux+ • Certified Scrum Master • Digital Defensive Programming • OWASP • Threat Modeling • Security+ • Network+ • ITIL-F • USAF • Army • Navy • CIA • NSA • NASIC • DOS • NRO • NGA Federal & Corporate agency cybersecurity experience • Dell • IBM • UFCU
Introduction: What is Sovereign Cloud Computing
What is Sovereign Cloud Computing ● Isolated in-country platform ● Autonomous legal entity (not a government owned entity) ● All operations are managed by sovereign citizen of that country
Sovereign Computing & Data ● Data is subject to where the data is collected ● Any foreign entity is not able to exert control over the data ● All data (customer data & metadata) is resident and controlled in that jurisdiction
Data Sovereignty ● Stored locally within the autonomous cloud provider within the country. ● Staff is subject to local laws of the country. ○ May even have security clearances and/or proper approvals. Data Sovereignty and Data Residency Data Residency ● Customer’s data is in local zone or country ● Access to account information could be overseas such as logins, passwords, Network information, diagnostics, etc.. ● The customer data is controlled access by the foreign entity. ○ Example: US Contractor providing services overseas or foreign contractor (outsourced staff) providing technology services to a US entity.
● Government entities what complete control over their data. ○ National Security (US) and/or Economical Benefit (European) ● US Hyperscaler Dominance - global & critical data is managed by US Cloud provider(s) - Rapid changes in geo political climate. ○ Ukraine, China, Russia, etc.. ● US Cloud Act gives USG complete access to jurisdictional control of data even if the data is residing in foreign soil. Primary Drivers of Sovereign Cloud
Two main objectives: ● Amended the Stored Communications Act to require providers to comply with their obligations to preserve, backup or disclose electronic data in their possession regardless of where that information is located; ● Allow the U.S. government to enter into executive agreements with foreign governments for reciprocal expedited access to electronic information held by providers based abroad. Enacted in March 2018 Also known as Section 702 of the US Foreign Intelligence Surveillance Act (FISA) US Clarifying Lawful Overseas Use of Data (CLOUD) Act
● European Countries (GDPR) ○ UKCloud, Germany (Gaia-X), Switzerland, France, etc.. ● Asia ○ India, China & Taiwan ● Middle East ● United States ○ GovCloud Geographies Adopting
● Azure GCC High ● Google Public Sector ● Amazon GovCloud ● Oracle Cloud Examples of Sovereign Clouds - United States
National & Local Impact
● Data fuels the defense economy ● Data fuels innovation and growth ● As a nation if we are not in control of the data - than it is very hard for data to become a nation asset in its own right. National Impact CUI is the path of least resistance for adversaries. Loss of aggregated CUI is the one of the most significant risks to national security, directly affecting lethality of our warfighters. Defense Counterintelligence Agency
● Wright Patterson AFB ● Defense Contractors ● Manufacturing ● Federally Funded Research Development Centers (FFRDCs) ○ Educational Institutions ○ Science and Technology ● Supporting Technology Services Organizations ○ IT, MSPs, MSSPs, CSPs Local Impact - Defense Industrial Base
● Cyber Security Maturity Model Certification (CMMC) ○ Potential to replace many industry wide certification schemes ○ Widest impact ● Federal Risk and Authorization Management Program (FedRAMP) ● Executive Order 14028 Section 4e - Software Supply Chain Government Programs
US Data Restrictions Regulation Authority Stakeholder Primary Focus Specifies International Traffic in Arms (ITAR) 22 CFR Parts 120-130 US Department of State (DDTC) United States Munitions List (USML) Protection of defense-related articles and services Export Administration Regulations (EAR) 15 CFR Parts 730-774 US Department of Commerce (BIS) Commerce Control List (CCL) Protection of commercial and dual-use items, information and technology. Controlled Unclassified Information (CUI) Program EO 13556 US National Archives (NARA) Controlled Unclassified Information (CUI) CUl categories & protection requirements Defense Federal Acquisition Regulation Supplement (DFARS) 252 204-7012 252.204-7021 US Department of Defense (DoD) Controlled Unclassified Information (CUI) - NIST SP 800-171 implementation - Cybersecurity Maturity Model Certification (CMMC) Federal Acquisition Regulation (FAR) 52.204-21 General Services Administration (GSA) US Department of Defense (DoD) National Aeronautics and Space Administration (NASA) Federal Contract Information (FCI) 15 basic cybersecurity requirements
Technical Definitions FCI Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments. CUI Government-created or -owned UNCLASSIFIED information that must be safeguarded from unauthorized disclosure. An overarching term representing many different categories, each authorized by one or more law, regulation, or Government-wide policy. Information requiring specific security measures indexed under one system across the Federal Government. CDI Unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category-list.html, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is— (1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DOD in support of the performance of the contract; or (2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract. CTI Technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DOD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions. ITAR The International Traffic in Arms Regulations (“ITAR,” 22 CFR 120-130) implements the AECA. The Arms Export Control Act requires that all manufacturers, exporters, temporary importers, and brokers of defense articles (including technical data) as defined on the United States Munitions List (ITAR part 121) and furnishers of defense services are required to register with the Directorate of Defense Trade Controls (DDTC) as described in ITAR part 122 (part 129 for brokers). It is primarily a means to provide the U.S. Government with necessary information on who is involved in certain ITAR controlled activities and does not confer any export or temporary import rights or privileges. Registration is generally a precondition for the issuance of any license or other approval and use of certain exemptions. Per ITAR §122.1, any person who engages in the United States in the business of either manufacturing or exporting or temporarily importing defense articles or furnishing defense services is required to register with DDTC. Manufacturers who do not engage in exporting must nevertheless register. Please review and thoroughly understand all definitions, especially the definition of Exporting as it applies to ITAR. Additionally, review and understand entries on the United States Munitions List (ITAR part 121)
DoD Distribution Marked Information DISTRIBUTION STATEMENT A Approved for public release: distribution unlimited. DISTRIBUTION STATEMENT B. Distribution authorized to U.S. Government agencies (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office). DISTRIBUTION STATEMENT C. Distribution authorized to U.S. Government agencies and their contractors (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office) DISTRIBUTION STATEMENT D. Distribution authorized to Department of Defense and U.S. DoD contractors only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office). DISTRIBUTION STATEMENT E. Distribution authorized to DoD Components only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office). DISTRIBUTION STATEMENT F. Further dissemination only as directed by (controlling office) (date of determination) or higher DoD authority.
Summary
● Sovereign Computing ● Isolated in-country platforms ● Data residency versus data sovereignty ● Data as the new oil - a national asset ● Economical & National Security Benefit ● Emerging Programs ● CMMC ● FedRAMP ● SBOMs via Executive Order ● Protection of CUI Recap
Q&A
Thank you www.ignyteplatform.com info@ignyteplatform.com 1.833.IGNYTE1 5818 Wilmington Pike, Centerville, OH 45459-7004 Max Aulakh Managing Director max@ignyteplatform.com 937-789-4216

Recommended

Key Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsKey Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government Contractors
Government Technology and Services Coalition
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
CMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptxCMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptx
Ignyte Assurance Platform
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview
Ignyte Assurance Platform
 
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal ContractorsArnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
JSchaus & Associates
 
Cybersecurity 101: Government Contracts
Cybersecurity 101: Government ContractsCybersecurity 101: Government Contracts
Cybersecurity 101: Government ContractsPatton Boggs LLP
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
Murray Security Services
 
NIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government ContractorsNIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government Contractors
Unanet
 

Recommended

Key Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsKey Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government Contractors
Government Technology and Services Coalition
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
CMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptxCMMC Day 2024 _ Ignyte _ Declassification.pptx
CMMC Day 2024 _ Ignyte _ Declassification.pptx
Ignyte Assurance Platform
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview
Ignyte Assurance Platform
 
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal ContractorsArnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
JSchaus & Associates
 
Cybersecurity 101: Government Contracts
Cybersecurity 101: Government ContractsCybersecurity 101: Government Contracts
Cybersecurity 101: Government ContractsPatton Boggs LLP
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
Murray Security Services
 
NIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government ContractorsNIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government Contractors
Unanet
 
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Amazon Web Services
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
Government Technology and Services Coalition
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
Mulin Holstein PKI-strategy
Mulin Holstein PKI-strategyMulin Holstein PKI-strategy
Mulin Holstein PKI-strategyfEngel
 
FED GOV CON - Cybersecurity Compliance Under The DFARS
FED GOV CON - Cybersecurity Compliance Under The DFARSFED GOV CON - Cybersecurity Compliance Under The DFARS
FED GOV CON - Cybersecurity Compliance Under The DFARS
JSchaus & Associates
 
FED GOV CON - Cybersecurity Compliance Under The FAR
FED GOV CON - Cybersecurity Compliance Under The FARFED GOV CON - Cybersecurity Compliance Under The FAR
FED GOV CON - Cybersecurity Compliance Under The FAR
JSchaus & Associates
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Ignyte Assurance Platform
 
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
VMware Tanzu
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
Ignyte Assurance Platform
 
ITAR for Government Contracts - Revised for Recent Amendments
ITAR for Government Contracts - Revised for Recent Amendments ITAR for Government Contracts - Revised for Recent Amendments
ITAR for Government Contracts - Revised for Recent Amendments
Doug Bowman
 
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
VMware Tanzu
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Controlled unclassified information
Controlled unclassified informationControlled unclassified information
Controlled unclassified informationKaye Beach
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best Practices
Ahmad Khan
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015
abhi75
 
Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Phil Agcaoili
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
Precisely
 
ITAR for Defense Industry Executives
ITAR for Defense Industry ExecutivesITAR for Defense Industry Executives
ITAR for Defense Industry ExecutivesDouglas Burdett
 
The Cloud Computing Contract Playbook: Contracting for Cloud Services
The Cloud Computing Contract Playbook: Contracting for Cloud ServicesThe Cloud Computing Contract Playbook: Contracting for Cloud Services
The Cloud Computing Contract Playbook: Contracting for Cloud Services
This account is closed
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBsCMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
Ignyte Assurance Platform
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
Ignyte Assurance Platform
 

More Related Content

Similar to Ignyte - US Sovereign Cloud Computing

Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Amazon Web Services
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
Government Technology and Services Coalition
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
Mulin Holstein PKI-strategy
Mulin Holstein PKI-strategyMulin Holstein PKI-strategy
Mulin Holstein PKI-strategyfEngel
 
FED GOV CON - Cybersecurity Compliance Under The DFARS
FED GOV CON - Cybersecurity Compliance Under The DFARSFED GOV CON - Cybersecurity Compliance Under The DFARS
FED GOV CON - Cybersecurity Compliance Under The DFARS
JSchaus & Associates
 
FED GOV CON - Cybersecurity Compliance Under The FAR
FED GOV CON - Cybersecurity Compliance Under The FARFED GOV CON - Cybersecurity Compliance Under The FAR
FED GOV CON - Cybersecurity Compliance Under The FAR
JSchaus & Associates
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Ignyte Assurance Platform
 
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
VMware Tanzu
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
Ignyte Assurance Platform
 
ITAR for Government Contracts - Revised for Recent Amendments
ITAR for Government Contracts - Revised for Recent Amendments ITAR for Government Contracts - Revised for Recent Amendments
ITAR for Government Contracts - Revised for Recent Amendments
Doug Bowman
 
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
VMware Tanzu
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Controlled unclassified information
Controlled unclassified informationControlled unclassified information
Controlled unclassified informationKaye Beach
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best Practices
Ahmad Khan
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015
abhi75
 
Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Phil Agcaoili
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
Precisely
 
ITAR for Defense Industry Executives
ITAR for Defense Industry ExecutivesITAR for Defense Industry Executives
ITAR for Defense Industry ExecutivesDouglas Burdett
 
The Cloud Computing Contract Playbook: Contracting for Cloud Services
The Cloud Computing Contract Playbook: Contracting for Cloud ServicesThe Cloud Computing Contract Playbook: Contracting for Cloud Services
The Cloud Computing Contract Playbook: Contracting for Cloud Services
This account is closed
 

Similar to Ignyte - US Sovereign Cloud Computing (20)

Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
 
Mulin Holstein PKI-strategy
Mulin Holstein PKI-strategyMulin Holstein PKI-strategy
Mulin Holstein PKI-strategy
 
FED GOV CON - Cybersecurity Compliance Under The DFARS
FED GOV CON - Cybersecurity Compliance Under The DFARSFED GOV CON - Cybersecurity Compliance Under The DFARS
FED GOV CON - Cybersecurity Compliance Under The DFARS
 
FED GOV CON - Cybersecurity Compliance Under The FAR
FED GOV CON - Cybersecurity Compliance Under The FARFED GOV CON - Cybersecurity Compliance Under The FAR
FED GOV CON - Cybersecurity Compliance Under The FAR
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
Minimizing Compliance Resistance to Digital Transformation --- Design for reg...
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
 
ITAR for Government Contracts - Revised for Recent Amendments
ITAR for Government Contracts - Revised for Recent Amendments ITAR for Government Contracts - Revised for Recent Amendments
ITAR for Government Contracts - Revised for Recent Amendments
 
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
The Anatomy of Building a Compliant PCF Service in a Limited Connectivity Env...
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-Brief
 
Controlled unclassified information
Controlled unclassified informationControlled unclassified information
Controlled unclassified information
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best Practices
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015
 
Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13Southern Risk Council - Cybersecurity Update 10-9-13
Southern Risk Council - Cybersecurity Update 10-9-13
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
 
ITAR for Defense Industry Executives
ITAR for Defense Industry ExecutivesITAR for Defense Industry Executives
ITAR for Defense Industry Executives
 
The Cloud Computing Contract Playbook: Contracting for Cloud Services
The Cloud Computing Contract Playbook: Contracting for Cloud ServicesThe Cloud Computing Contract Playbook: Contracting for Cloud Services
The Cloud Computing Contract Playbook: Contracting for Cloud Services
 

More from Ignyte Assurance Platform

CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBsCMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
Ignyte Assurance Platform
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
Ignyte Assurance Platform
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
Ignyte Assurance Platform
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIB
Ignyte Assurance Platform
 
CMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment GuidanceCMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment Guidance
Ignyte Assurance Platform
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
Ignyte Assurance Platform
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Ignyte Assurance Platform
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Ignyte Assurance Platform
 
Securing the Supply Chain
Securing the Supply ChainSecuring the Supply Chain
Securing the Supply Chain
Ignyte Assurance Platform
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
Ignyte Assurance Platform
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
Ignyte Assurance Platform
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Ignyte Assurance Platform
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
Ignyte Assurance Platform
 

More from Ignyte Assurance Platform (15)

CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBsCMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIB
 
CMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment GuidanceCMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment Guidance
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Securing the Supply Chain
Securing the Supply ChainSecuring the Supply Chain
Securing the Supply Chain
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance Nightmare
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
 

Recently uploaded

A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 

Recently uploaded (20)

A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 

Ignyte - US Sovereign Cloud Computing

  • 2. Agenda ● What is a Sovereign Cloud Computing? ● National & Local Impact ● Restricted Data ● Summary ● Q&A
  • 3. • Enterprise Risk Leader 15 years of Business and Security Technology Leadership experience • Corporate cyber security experience — FIS, NCR, IBM, Dell, Credit Unions, etc…. • R&D & Model development — Trusted Platform Module (TPM) Chip Development, Air Force Tech Transfer, Citrix patent (team member) • Federal agency cyber experience — USAF, Army, Navy, DOS, NRO, NGA, CIA, NSA, NASIC and others units for system accreditations Max Aulakh, MBA, CISSP, CISA, CRISC Managing Director Formal Education & Credentials • Wright State University — MBA (2014) • American Military University — B.S Information Security, Computer Science (2009) • Community College of the Air Force — Criminal Justice (2009) • Cyber & Technology Industry Credentials: CISSP, PMP, Linux+, Security+, Network+, ITIL-F, Certified Scrum Master ✔ Cigital Defensive Programming, OWASP, Threat Modeling, etc.. ✔ Cyber Regulatory/Frameworks — CMMC, NIST, HIPAA, HITRUST, SOC 1/2, CIS, FFIEC, ISO 27K, FISMA • Formal Military Physical Security Training: Counter Terrorism, HAZMAT, Explosive Ordinance, Customs, Use of Force, LOAC, Force Protection, Combat Leadership, Ground Defense Command, SERE, Bloodborne Pathogens • Formalized Weapon Systems Training: M9, M4, M2, M249 & M240B US Military Operational – Strategic Tour of Duties 2007-2009: Iraq — Security Forces Leadership 2006-2007: Afghanistan — Security Forces Member/Forward Deployed Military Linguist (Hindi, Urdu & Punjabi) 2005-2006: Iraq — Security Forces/Classified Systems Member 2003-2005: Turkey — US Nuclear Weapons Systems Administrator & Security Member max@ignyteplatform.com I 937-789-4216 I https://www.linkedin.com/in/maxaulakh/ Cyber & Technology Industry Credentials • CISSP • PMP • Linux+ • Certified Scrum Master • Digital Defensive Programming • OWASP • Threat Modeling • Security+ • Network+ • ITIL-F • USAF • Army • Navy • CIA • NSA • NASIC • DOS • NRO • NGA Federal & Corporate agency cybersecurity experience • Dell • IBM • UFCU
  • 5. What is Sovereign Cloud Computing ● Isolated in-country platform ● Autonomous legal entity (not a government owned entity) ● All operations are managed by sovereign citizen of that country
  • 6. Sovereign Computing & Data ● Data is subject to where the data is collected ● Any foreign entity is not able to exert control over the data ● All data (customer data & metadata) is resident and controlled in that jurisdiction
  • 7. Data Sovereignty ● Stored locally within the autonomous cloud provider within the country. ● Staff is subject to local laws of the country. ○ May even have security clearances and/or proper approvals. Data Sovereignty and Data Residency Data Residency ● Customer’s data is in local zone or country ● Access to account information could be overseas such as logins, passwords, Network information, diagnostics, etc.. ● The customer data is controlled access by the foreign entity. ○ Example: US Contractor providing services overseas or foreign contractor (outsourced staff) providing technology services to a US entity.
  • 8. ● Government entities what complete control over their data. ○ National Security (US) and/or Economical Benefit (European) ● US Hyperscaler Dominance - global & critical data is managed by US Cloud provider(s) - Rapid changes in geo political climate. ○ Ukraine, China, Russia, etc.. ● US Cloud Act gives USG complete access to jurisdictional control of data even if the data is residing in foreign soil. Primary Drivers of Sovereign Cloud
  • 9. Two main objectives: ● Amended the Stored Communications Act to require providers to comply with their obligations to preserve, backup or disclose electronic data in their possession regardless of where that information is located; ● Allow the U.S. government to enter into executive agreements with foreign governments for reciprocal expedited access to electronic information held by providers based abroad. Enacted in March 2018 Also known as Section 702 of the US Foreign Intelligence Surveillance Act (FISA) US Clarifying Lawful Overseas Use of Data (CLOUD) Act
  • 10. ● European Countries (GDPR) ○ UKCloud, Germany (Gaia-X), Switzerland, France, etc.. ● Asia ○ India, China & Taiwan ● Middle East ● United States ○ GovCloud Geographies Adopting
  • 11. ● Azure GCC High ● Google Public Sector ● Amazon GovCloud ● Oracle Cloud Examples of Sovereign Clouds - United States
  • 13. ● Data fuels the defense economy ● Data fuels innovation and growth ● As a nation if we are not in control of the data - than it is very hard for data to become a nation asset in its own right. National Impact CUI is the path of least resistance for adversaries. Loss of aggregated CUI is the one of the most significant risks to national security, directly affecting lethality of our warfighters. Defense Counterintelligence Agency
  • 14. ● Wright Patterson AFB ● Defense Contractors ● Manufacturing ● Federally Funded Research Development Centers (FFRDCs) ○ Educational Institutions ○ Science and Technology ● Supporting Technology Services Organizations ○ IT, MSPs, MSSPs, CSPs Local Impact - Defense Industrial Base
  • 15. ● Cyber Security Maturity Model Certification (CMMC) ○ Potential to replace many industry wide certification schemes ○ Widest impact ● Federal Risk and Authorization Management Program (FedRAMP) ● Executive Order 14028 Section 4e - Software Supply Chain Government Programs
  • 16. US Data Restrictions Regulation Authority Stakeholder Primary Focus Specifies International Traffic in Arms (ITAR) 22 CFR Parts 120-130 US Department of State (DDTC) United States Munitions List (USML) Protection of defense-related articles and services Export Administration Regulations (EAR) 15 CFR Parts 730-774 US Department of Commerce (BIS) Commerce Control List (CCL) Protection of commercial and dual-use items, information and technology. Controlled Unclassified Information (CUI) Program EO 13556 US National Archives (NARA) Controlled Unclassified Information (CUI) CUl categories & protection requirements Defense Federal Acquisition Regulation Supplement (DFARS) 252 204-7012 252.204-7021 US Department of Defense (DoD) Controlled Unclassified Information (CUI) - NIST SP 800-171 implementation - Cybersecurity Maturity Model Certification (CMMC) Federal Acquisition Regulation (FAR) 52.204-21 General Services Administration (GSA) US Department of Defense (DoD) National Aeronautics and Space Administration (NASA) Federal Contract Information (FCI) 15 basic cybersecurity requirements
  • 17. Technical Definitions FCI Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments. CUI Government-created or -owned UNCLASSIFIED information that must be safeguarded from unauthorized disclosure. An overarching term representing many different categories, each authorized by one or more law, regulation, or Government-wide policy. Information requiring specific security measures indexed under one system across the Federal Government. CDI Unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category-list.html, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is— (1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DOD in support of the performance of the contract; or (2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract. CTI Technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DOD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions. ITAR The International Traffic in Arms Regulations (“ITAR,” 22 CFR 120-130) implements the AECA. The Arms Export Control Act requires that all manufacturers, exporters, temporary importers, and brokers of defense articles (including technical data) as defined on the United States Munitions List (ITAR part 121) and furnishers of defense services are required to register with the Directorate of Defense Trade Controls (DDTC) as described in ITAR part 122 (part 129 for brokers). It is primarily a means to provide the U.S. Government with necessary information on who is involved in certain ITAR controlled activities and does not confer any export or temporary import rights or privileges. Registration is generally a precondition for the issuance of any license or other approval and use of certain exemptions. Per ITAR §122.1, any person who engages in the United States in the business of either manufacturing or exporting or temporarily importing defense articles or furnishing defense services is required to register with DDTC. Manufacturers who do not engage in exporting must nevertheless register. Please review and thoroughly understand all definitions, especially the definition of Exporting as it applies to ITAR. Additionally, review and understand entries on the United States Munitions List (ITAR part 121)
  • 18. DoD Distribution Marked Information DISTRIBUTION STATEMENT A Approved for public release: distribution unlimited. DISTRIBUTION STATEMENT B. Distribution authorized to U.S. Government agencies (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office). DISTRIBUTION STATEMENT C. Distribution authorized to U.S. Government agencies and their contractors (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office) DISTRIBUTION STATEMENT D. Distribution authorized to Department of Defense and U.S. DoD contractors only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office). DISTRIBUTION STATEMENT E. Distribution authorized to DoD Components only (reason) (date of determination). Other requests for this document shall be referred to (controlling DoD office). DISTRIBUTION STATEMENT F. Further dissemination only as directed by (controlling office) (date of determination) or higher DoD authority.
  • 20. ● Sovereign Computing ● Isolated in-country platforms ● Data residency versus data sovereignty ● Data as the new oil - a national asset ● Economical & National Security Benefit ● Emerging Programs ● CMMC ● FedRAMP ● SBOMs via Executive Order ● Protection of CUI Recap
  • 21. Q&A
  • 22. Thank you www.ignyteplatform.com info@ignyteplatform.com 1.833.IGNYTE1 5818 Wilmington Pike, Centerville, OH 45459-7004 Max Aulakh Managing Director max@ignyteplatform.com 937-789-4216