Home / Tag Archives: cloud security

Tag Archives: cloud security

FedRAMP Issues 3 New Documents on Continuous Monitoring Process

The Federal Risk and Authorization Management Program has released three new documents to clarify its process for continuously monitoring FedRAMP-authorized cloud service providers. FedRAMP said Tuesday the new continuous monitoring documents include a draft of the “Automated Vulnerability Risk Adjustment Framework Guidance,” which is intended to help CSPs build and deploy …

Read More »

Profile: Scott Kaplan, NGA Chief of Cloud Security

Scott Kaplan serves as chief of cloud security at the National Geospatial-Intelligence Agency  and works in the cloud security division of NGA’s Office of the Chief Information Officer and IT Services directorate, or CIO-T. He brings years of information technology, security, operations and business experience to his current position and aims to …

Read More »

DISA Releases Update to DoD CIO’s Cloud Security Guide for Service Providers

The Defense Information Systems Agency has published an updated version of the Cloud Computing Security Requirements Guide by the Defense Department chief information officer in response to feedback from industry and mission partners. DISA said Monday the CC SRG v1r2 release also includes a revision history and a comment matrix, which work to facilitate understanding …

Read More »

Matt Goodrich: GSA to Work on FedRAMP Authorization Process, Program Transparency

Matt Goodrich, director of the Federal Risk and Authorization Management Program at the General Services Administration, has said stakeholders believe the program is a potential “market maker” and has influenced how industry gauges cloud security. He wrote in a blog entry posted Wednesday that cloud service providers, third-party assessors, government agencies and others have …

Read More »

Michaela Iorga: NIST’s New Cloud Security Guidance Puts Focus Beyond FedRAMP Baseline

The National Institute of Standards and Technology is developing new guidelines on cloud security controls to supplement the Federal Risk and Authorization Management Program’s baselines and impact levels, FierceGovernmentIT reported Thursday. Molly Bernhart Walker writes that Michaela Iorga, NIST’s senior security technical lead for cloud computing, said the future NIST Special Publication 800-174 …

Read More »

Terry Halvorsen: DoD Eyes More Cloud Pilots, Industry Dialogue

The Defense Department is pushing forward its cloud adoption efforts and industry dialogue following recent updates on the commercial cloud acquisition policy and the Defense Information Systems Agency‘s cloud security guidelines, Nextgov reported Thursday. Frank Konkel writes that Terry Halvorsen, DoD’s acting chief information officer, told commercial cloud service providers at …

Read More »

Report: New DoD Cloud Strategy Seeks to Decentralize Procurement

An upcoming release of the Defense Department‘s new cloud strategy aims to give individual agencies the capability to pursue commercial cloud procurements independently compared to the current cloud brokerage practice, Nextgov reported Tuesday. Frank Konkel writes that a draft of the “DoD Cloud Way Forward” document indicates that the department plans to limit …

Read More »

Report: DISA Testing Military Systems Against New FedRAMP Security Controls

The Defense Information Systems Agency is working with the military to identify mission-critical systems and running pilot tests for the additional Federal Risk and Authorization Management Program Level 3 security requirements, Federal News Radio reported Thursday. Jason Miller writes the tests are conducted to help the Defense Department‘s risk executive function determine …

Read More »