Webinar – What you should know about FedRAMP assessments | 1
Work with Federal Agencies? Here's What You Should Know About FedRAMP Assessments
Contents
• FedRAMP Overview
• Setting the Stage
• Assessment Process
• Additional Topics and Summary
What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves the cost, time, and staff required to conduct redundant agency security assessments.
Launched in July 2012
FedRAMP replaces the previously decentralized authority to operate (ATO) model, in which each agency performed its own assessment.
Understanding FISMA vs. FedRAMP
FISMA
– Is a: Law
– Applies to: Government agencies
– Utilizes for guidance: FIPS 199, FIPS 200, NIST SP 800-53
– Assessed by: An agency, which may use or rely on the work of an outside auditor
FedRAMP
– Is a: Program for managing assessments and ongoing compliance
– Applies to: Cloud providers that host or plan to host for government agencies
– Utilizes for guidance: FedRAMP-modified NIST 800-53 standards; FedRAMP-specific deliverables and templates
– Assessed by: An accredited Third Party Assessment Organization (3PAO)
While the two are often confused, FISMA is a law for agencies, whereas FedRAMP is an audit program for cloud service providers (CSPs).
Setting the Stage: Scope & Agency Involvement
First Decision: JAB vs. Agency Sponsor
• Option 1 - JAB Provisional Authorization (P-ATO)
– FedRAMP Ready assessment required
– Documentation reviewed by GSA, DoD, and DHS
– Pros: perceived as government-wide; no agency sponsor required
– Con: lengthier process
• Option 2 - Agency Authority to Operate (ATO)
– All documentation reviewed by a single agency
– Most common approach
Estimated Timeframes (Provided by FedRAMP PMO)
Both paths move through the same stages: System Security Plan → Security Assessment Plan → Testing → SAR & POA&M Review → Authorize
– JAB P-ATO: 6 months +
– Agency ATO: 4 months +
Quality of documentation will determine the length of time and the number of possible cycles throughout the entire process.
Cloud Delivery Models Drive Scope
https://www.e-education.psu.edu/cloudGIS/node/91
Cloud IaaS Provider Responsibilities
Leveraging a FedRAMP Authorized IaaS provider allows a SaaS provider to “carve out” the controls that are the IaaS provider's responsibility and be audited only against those that are its own responsibility.
The System Security Plan (SSP)
• Template available on www.fedramp.gov
• Average 400-500 pages in length
• Key components:
– System boundaries
– Detailed control descriptions for each of the NIST 800-53 control families (section 13+)
The CSP is 100% responsible for documenting the SSP and maintaining the controls on an ongoing basis.
The Assessment Process
The 3PAO Assessment Process
• Two stages: Planning (Security Assessment Plan, SAP); Testing (Security Assessment Report, SAR)
• Assessment activities include:
– Credentialed vulnerability scanning / observation
– Penetration testing
– Manual controls inspection, including interviews, documentation review, and technical configuration review
• Findings and communication
– Real-time documentation and coordination between 3PAO and CSP
– Development of POA&Ms by CSP
Continuous Monitoring
• What happens after the ATO is granted
• 97 core controls for the Moderate baseline, plus an agency-specified selection (~50%) of the remaining controls
• Control requirements
– Continuous
– Weekly (e.g. log monitoring)
– Monthly (e.g. scanning)
– Quarterly (e.g. account review)
– Annually
• 3PAO annual assessment
– Assess core controls plus an agency-specified percentage of all other controls
– Review POA&Ms
– Scanning (and/or observation of scanning)
– Penetration testing
Additional Topics and Summary
FedRAMP+ & ITAR
• Department of Defense
– DoD uses a FedRAMP+ model with DoD SRG/STIG guidance
– FedRAMP controls plus additional controls at designated levels
• Level 2 is aligned with FedRAMP
• Level 4 adds an incremental 35 controls
• NIST 800-171
– Standards for Controlled Unclassified Information (CUI)
– Aimed primarily at contractors
• ITAR
– Some agencies require that only US persons have access to federal systems
– While not a FedRAMP requirement, some systems and support models are built for ITAR compliance
1H 2016 Updates
• Current state:
– 31 JAB ATOs (4 High)
– 45 CSPs granted an initial Agency ATO
• For example, AWS GovCloud has received 15 individual Agency authorizations for the same system
• FedRAMP Ready launched as part of the FedRAMP Accelerated process for JAB
• High baseline launched
• New templates
Learn more:
www.schellmanco.com/fedramp

More Related Content

What's hot

isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.pptHasnolAhmad2
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right postureParag Deodhar
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
Coso internal control integrated framework
Coso internal control   integrated frameworkCoso internal control   integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
IBM Maximo AM-USER.pdf
IBM Maximo AM-USER.pdfIBM Maximo AM-USER.pdf
IBM Maximo AM-USER.pdfssuser3901ab
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
IBM-QRadar-Corporate-Online-Training.
IBM-QRadar-Corporate-Online-Training.IBM-QRadar-Corporate-Online-Training.
IBM-QRadar-Corporate-Online-Training.Avishek Priyadarshi
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and ControlAsad Raza
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit departmentSalih Islam
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity CapabilityRod Davis
 
NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010Donald E. Hester
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL eraTreat Risk
 

What's hot (20)

isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
 
CISSP Chapter 1 BCP
CISSP Chapter 1 BCPCISSP Chapter 1 BCP
CISSP Chapter 1 BCP
 
IT Risk Management - the right posture
IT Risk Management - the right postureIT Risk Management - the right posture
IT Risk Management - the right posture
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
 
Coso internal control integrated framework
Coso internal control   integrated frameworkCoso internal control   integrated framework
Coso internal control integrated framework
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
IBM Maximo AM-USER.pdf
IBM Maximo AM-USER.pdfIBM Maximo AM-USER.pdf
IBM Maximo AM-USER.pdf
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
IBM-QRadar-Corporate-Online-Training.
IBM-QRadar-Corporate-Online-Training.IBM-QRadar-Corporate-Online-Training.
IBM-QRadar-Corporate-Online-Training.
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and Control
 
Coso framework
Coso frameworkCoso framework
Coso framework
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
 
From NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfFrom NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdf
 
Presentation_20110802213554
Presentation_20110802213554Presentation_20110802213554
Presentation_20110802213554
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity Capability
 
NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010NIST IT Standards for Local Governments 2010
NIST IT Standards for Local Governments 2010
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL era
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 

Viewers also liked

Microsoft CIO Summit - Government Private Cloud
Microsoft CIO Summit - Government Private CloudMicrosoft CIO Summit - Government Private Cloud
Microsoft CIO Summit - Government Private CloudDavid Ziembicki
 
Amped for FedRAMP
Amped for FedRAMPAmped for FedRAMP
Amped for FedRAMPRay Potter
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
FedRAMP 3PAO Training
FedRAMP 3PAO Training FedRAMP 3PAO Training
FedRAMP 3PAO Training 1ECG
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalTuan Phan
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityCitrix
 
Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2waizou
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defenseamiable_indian
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci complianceShiva Hullavarad
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Amazon Web Services
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceSchellman & Company
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperShaun O'keeffe
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveAlgoSec
 

Viewers also liked (20)

Microsoft CIO Summit - Government Private Cloud
Microsoft CIO Summit - Government Private CloudMicrosoft CIO Summit - Government Private Cloud
Microsoft CIO Summit - Government Private Cloud
 
Amped for FedRAMP
Amped for FedRAMPAmped for FedRAMP
Amped for FedRAMP
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
 
FedRAMP 3PAO Training
FedRAMP 3PAO Training FedRAMP 3PAO Training
FedRAMP 3PAO Training
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated Compliance
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application Security
 
Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2Devops mycode devoxx-france-2015-v2
Devops mycode devoxx-france-2015-v2
 
Presentation_Borne
Presentation_BornePresentation_Borne
Presentation_Borne
 
Writing Secure Code – Threat Defense
Writing Secure Code – Threat DefenseWriting Secure Code – Threat Defense
Writing Secure Code – Threat Defense
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci compliance
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overview
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power Systems
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS Compliance
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - WhitepaperReduce PCI Scope - Maximise Conversion - Whitepaper
Reduce PCI Scope - Maximise Conversion - Whitepaper
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
 

Similar to Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessments

FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceControlCase
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarTuan Phan
 
Failure Reporting, Analysis, Corrective Action System
Failure Reporting, Analysis, Corrective Action System Failure Reporting, Analysis, Corrective Action System
Failure Reporting, Analysis, Corrective Action System Ricky Smith CMRP, CMRT
 
Continual Monitoring
Continual MonitoringContinual Monitoring
Continual MonitoringTripwire
 
How Verizon Uses Automation to Accelerate SAP Projects
How Verizon Uses Automation to Accelerate SAP ProjectsHow Verizon Uses Automation to Accelerate SAP Projects
How Verizon Uses Automation to Accelerate SAP ProjectsWorksoft
 
FedRAMP concept-of-operations-conops
FedRAMP concept-of-operations-conopsFedRAMP concept-of-operations-conops
FedRAMP concept-of-operations-conopsGovCloud Network
 
Architecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk ManagementArchitecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk Managementjadams6
 
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...TRI, the risk-based monitoring company
 
Dimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperDimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperJason Cumberland
 
Maintenance strategy
Maintenance strategyMaintenance strategy
Maintenance strategygumma alsgier
 
Awareness of iatf 16949
Awareness of iatf 16949Awareness of iatf 16949
Awareness of iatf 16949Pavan Patil
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTuan Phan
 
Webinar | GE & Stork | APM Best Practices - Mechanical Integrity
Webinar | GE & Stork | APM Best Practices - Mechanical IntegrityWebinar | GE & Stork | APM Best Practices - Mechanical Integrity
Webinar | GE & Stork | APM Best Practices - Mechanical IntegrityStork
 
Tool Box Talk - CMRP exam recommendations
Tool Box Talk - CMRP exam recommendationsTool Box Talk - CMRP exam recommendations
Tool Box Talk - CMRP exam recommendationsRicky Smith CMRP, CMRT
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP DrupalMike Lemire
 
Measuring and Improving MP1.ppt
Measuring and Improving MP1.pptMeasuring and Improving MP1.ppt
Measuring and Improving MP1.pptssuserf2880f
 
Operational testing with employee performance tracking for compliance
Operational testing with employee performance tracking for compliance Operational testing with employee performance tracking for compliance
Operational testing with employee performance tracking for compliance CloudMoyo
 

Similar to Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessments (20)

FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP Marketplace
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinar
 
Failure Reporting, Analysis, Corrective Action System
Failure Reporting, Analysis, Corrective Action System Failure Reporting, Analysis, Corrective Action System
Failure Reporting, Analysis, Corrective Action System
 
Continual Monitoring
Continual MonitoringContinual Monitoring
Continual Monitoring
 
How Verizon Uses Automation to Accelerate SAP Projects
How Verizon Uses Automation to Accelerate SAP ProjectsHow Verizon Uses Automation to Accelerate SAP Projects
How Verizon Uses Automation to Accelerate SAP Projects
 
Monitoring
MonitoringMonitoring
Monitoring
 
FedRAMP concept-of-operations-conops
FedRAMP concept-of-operations-conopsFedRAMP concept-of-operations-conops
FedRAMP concept-of-operations-conops
 
Architecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk ManagementArchitecting the Framework for Compliance & Risk Management
Architecting the Framework for Compliance & Risk Management
 
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
 
Dimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperDimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paper
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptx
 
Maintenance strategy
Maintenance strategyMaintenance strategy
Maintenance strategy
 
Awareness of iatf 16949
Awareness of iatf 16949Awareness of iatf 16949
Awareness of iatf 16949
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security Authorization
 
t map brief
t map brieft map brief
t map brief
 
Webinar | GE & Stork | APM Best Practices - Mechanical Integrity
Webinar | GE & Stork | APM Best Practices - Mechanical IntegrityWebinar | GE & Stork | APM Best Practices - Mechanical Integrity
Webinar | GE & Stork | APM Best Practices - Mechanical Integrity
 
Tool Box Talk - CMRP exam recommendations
Tool Box Talk - CMRP exam recommendationsTool Box Talk - CMRP exam recommendations
Tool Box Talk - CMRP exam recommendations
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP Drupal
 
Measuring and Improving MP1.ppt
Measuring and Improving MP1.pptMeasuring and Improving MP1.ppt
Measuring and Improving MP1.ppt
 
Operational testing with employee performance tracking for compliance
Operational testing with employee performance tracking for compliance Operational testing with employee performance tracking for compliance
Operational testing with employee performance tracking for compliance
 

More from Schellman & Company

Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataSchellman & Company
 
Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Schellman & Company
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingSchellman & Company
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationSchellman & Company
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSchellman & Company
 
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Schellman & Company
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationSchellman & Company
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesSchellman & Company
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP ComplianceSchellman & Company
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Schellman & Company
 

More from Schellman & Company (19)

Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
Demystifying the Cyber NISTs
Demystifying the Cyber NISTsDemystifying the Cyber NISTs
Demystifying the Cyber NISTs
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration Testing
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & Attestation
 
Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 Certified
 
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and You
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR Program
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and Confidence
 
SOC 1 Overview
SOC 1 OverviewSOC 1 Overview
SOC 1 Overview
 
12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR
 
EPCS Overview
EPCS OverviewEPCS Overview
EPCS Overview
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key Updates
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?
 

Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessments

7. First Decision: JAB vs. Agency Sponsor
• Option 1 - JAB Provisional Authorization (P-ATO)
  – FedRAMP Ready Assessment Required
  – Documentation reviewed by GSA, DoD, and DHS
  – Pros: Perceived as government-wide; no Agency Sponsor required
  – Con: Lengthier process

8. First Decision: JAB vs. Agency Sponsor (continued)
• Option 2 - Agency Authority to Operate (ATO)
  – All documentation reviewed by a single agency
  – Most common approach
9. Estimated Timeframes (Provided by FedRAMP PMO)
Both paths move through the same phases: System Security Plan → Security Assessment Plan → Testing → SAR & POA&M Review → Authorize.
• JAB P-ATO: 6 months +
• Agency ATO: 4 months +
Quality of documentation will determine length of time and possible cycles throughout the entire process.
10. Cloud Delivery Models Drive Scope
(Figure: Cloud IaaS provider responsibilities by delivery model; source: https://www.e-education.psu.edu/cloudGIS/node/91)
Leveraging a FedRAMP Authorized IaaS provider allows a SaaS provider to "carve out" those controls and only audit against that which is their responsibility.

11. The System Security Plan (SSP)
• Template available on www.fedramp.gov
• Average 400-500 pages in length
• Key Components:
  – System boundaries
  – Detailed control descriptions for each of the NIST 800-53 control families (section 13+)
The CSP is 100% responsible for documenting the SSP and maintaining the controls on an ongoing basis.
12. The Assessment Process

13. The 3PAO Assessment Process
• Two stages: Planning (SAP); Testing (SAR)
• Assessment activities include:
  – Credentialed vulnerability scanning / observation of the CSP's scanning
  – Penetration testing
  – Manual controls inspection, including interviews, documentation review, and technical configuration review
• Findings and communication
  – Real-time documentation and coordination between 3PAO and CSP
  – Development of POA&Ms by the CSP
14. Continuous Monitoring
• 97 core controls for the Moderate baseline + Agency-specified controls (~50% of all controls)
• What happens after ATO

15. Continuous Monitoring
• Control requirements by frequency:
  – Continuous
  – Weekly (e.g. log monitoring)
  – Monthly (e.g. vulnerability scanning)
  – Quarterly (e.g. account review)
  – Annually

16. Continuous Monitoring
• 3PAO annual assessment
  – Assess core controls + a percentage of all other controls (Agency-specified)
  – Review POA&Ms
  – Scanning (and/or observation of the CSP's scanning)
  – Penetration testing
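The continuous-monitoring slides above describe a cadence of evidence (weekly, monthly, quarterly) and POA&M review, but not how a CSP would check it is keeping up before the 3PAO's annual visit. The following is an added example, not code from the webinar or from Schellman, of a small Python check that does both: it flags POA&M items still open past their remediation window, and recurring activities whose newest evidence is older than its cadence. The remediation windows (30/90/180 days for high/moderate/low) are the timelines FedRAMP's continuous monitoring guidance uses but are not stated on the slide, so they and the cadence day counts are assumptions you would replace with what your authorization package commits to; the findings and evidence records are constructed for the example.

```python
"""Continuous-monitoring evidence and POA&M aging check (added example, not from the webinar)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

# Remediation windows in days by finding severity. ASSUMPTION for this example:
# the slide gives no numbers; these are the 30/90/180-day timelines FedRAMP's
# continuous monitoring guidance uses, but treat them as parameters for your ATO.
REMEDIATION_DAYS: Dict[str, int] = {"high": 30, "moderate": 90, "low": 180}

# Maximum age in days of the newest evidence per recurring activity, following the
# slide's categories (weekly log review, monthly scanning, quarterly account review).
# The exact day counts are an assumption; use what your package commits to.
CADENCE_DAYS: Dict[str, int] = {"log_review": 7, "vuln_scan": 31, "account_review": 92}


@dataclass(frozen=True)
class Finding:
    """One POA&M line item: an open finding unless `closed` is set."""
    poam_id: str
    severity: str
    detected: date
    closed: Optional[date] = None


def overdue_findings(findings: Iterable[Finding], today: date,
                     windows: Dict[str, int] = REMEDIATION_DAYS) -> List[Tuple[str, int]]:
    """Return (poam_id, days_overdue) for open findings past their remediation window."""
    overdue = []
    for f in findings:
        if f.closed is not None:
            continue  # closed items no longer age
        due = f.detected + timedelta(days=windows[f.severity])
        if today > due:
            overdue.append((f.poam_id, (today - due).days))
    return overdue


def lapsed_activities(evidence: Iterable[Tuple[str, date]], today: date,
                      cadence: Dict[str, int] = CADENCE_DAYS) -> List[str]:
    """Return activities with no evidence, or whose newest evidence is older than its cadence."""
    latest: Dict[str, date] = {}
    for activity, when in evidence:
        if activity not in latest or when > latest[activity]:
            latest[activity] = when
    lapsed = [a for a, limit in cadence.items()
              if a not in latest or (today - latest[a]).days > limit]
    return sorted(lapsed)


# Constructed sample data (not real findings or deliverables).
TODAY = date(2016, 6, 30)
FINDINGS = [
    Finding("POAM-001", "high", date(2016, 5, 1)),       # due 2016-05-31, still open
    Finding("POAM-002", "moderate", date(2016, 4, 15)),  # due 2016-07-14, within window
    Finding("POAM-003", "low", date(2015, 12, 1)),       # due 2016-05-29, still open
    Finding("POAM-004", "high", date(2016, 6, 20), closed=date(2016, 6, 25)),
]
EVIDENCE = [
    ("log_review", date(2016, 6, 10)),
    ("log_review", date(2016, 6, 27)),
    ("vuln_scan", date(2016, 5, 20)),       # 41 days old: monthly scan has lapsed
    ("account_review", date(2016, 4, 5)),   # 86 days old: quarterly review still current
]

if __name__ == "__main__":
    for poam_id, days in overdue_findings(FINDINGS, TODAY):
        print(f"{poam_id}: {days} days past remediation window")
    for activity in lapsed_activities(EVIDENCE, TODAY):
        print(f"{activity}: evidence lapsed")
```

Run against the constructed data it reports POAM-001 and POAM-003 as overdue and the monthly scan as lapsed; a closed item and an activity with several evidence records are handled by skipping the former and keeping only the newest date of the latter. Feeding it the dates from your real POA&M export and scan archive is the obvious next step.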
17. Additional Topics and Summary

18. FedRAMP+ & ITAR
• Department of Defense
  – DoD uses a FedRAMP+ model with DoD SRG/STIG guidance
  – FedRAMP controls plus additional controls at designated levels
    • Level 2 is aligned with FedRAMP
    • Level 4 adds an incremental 35 controls
• NIST 800-171
  – Standards for Controlled Unclassified Information (CUI)
  – Aimed primarily at contractors
• ITAR
  – Some agencies require that only US persons have access to federal systems
  – While not a FedRAMP requirement, some systems and support models are built for ITAR compliance

19. 1H 2016 Updates
• Current State:
  – 31 JAB ATOs (4 at the High baseline)
  – 45 CSPs granted an initial Agency ATO
    • For example, AWS GovCloud has received 15 individual Agency authorizations for the same system
• FedRAMP Ready launched as part of the FedRAMP Accelerated process for JAB
• High baseline launched
• New Templates

20. Learn more: www.schellmanco.com/fedramp