Beau Houser, the incoming chief information security officer of the Census Bureau, said he looks forward to addressing the challenge of safeguarding the technological platforms behind the 2020 population count, Federal News Radio reported Thursday.
Read More »GSA’s Dan Jacobs on How Agencies Should Approach Cloud Security
Dan Jacobs, a security expert at the General Services Administration, said agencies should deal with cybersecurity with a focus on people and processes as they transfer workloads to the cloud, Nextgov reported Thursday. “Many of the problems we face as a security community aren’t actually technical problems at all,” he said Tuesday at a lunch hosted by Symantec.
Read More »Bernard Del Rosario: DISA’s Cloud Architecture Helps Users Meet Security Req’s
Bernard del Rosario, a chief engineer for the Defense Information Systems Agency, said at an AFCEA symposium in Maryland that the Secure Cloud Computing Architecture helps accelerate the "authority to operate" process, DISA said Wednesday. The agency's SCCA platform enables the Department of Defense’s partner entities to optimize security and management features to meet requirements for migrating workloads to the cloud.
Read More »GSA Eyes FedRAMP Training Program for Federal Security Officials
General Services Administration officials said they plan to provide federal security officers hands-on training on the Federal Risk and Authorization Management Program, FedScoop reported Wednesday. “We’re going to start bringing security officers into our office, give them some training on FedRAMP, radicalize them to our methodologies,” Zach Baldwin, program manager at FedRAMP, said Tuesday at the Cloud Security Alliance’s federal summit.
Read More »Lauren Knausenberger: Air Force Accelerating Accreditation Process for SaaS Apps
Lauren Knausenberger, director of cyberspace innovation at the U.S. Air Force, said the service is developing methods to speed up the accreditation of software-as-a-service applications to handle controlled unclassified information, FedScoop reported Thursday.
Read More »FedRAMP Issues 3 New Documents on Continuous Monitoring Process
The Federal Risk and Authorization Management Program has released three new documents to clarify its process for continuously monitoring FedRAMP-authorized cloud service providers. FedRAMP said Tuesday the new continuous monitoring documents include a draft of the “Automated Vulnerability Risk Adjustment Framework Guidance,” which is intended to help CSPs build and deploy …
Read More »Profile: Scott Kaplan, NGA Chief of Cloud Security
Scott Kaplan serves as chief of cloud security at the National Geospatial-Intelligence Agency and works in the cloud security division of NGA’s Office of the Chief Information Officer and IT Services directorate, or CIO-T. He brings years of information technology, security, operations and business experience to his current position and aims to …
Read More »Jack Wilmer: DISA Needs Security Tools to Defend DoD Apps in Commercial Cloud
Jack Wilmer, a Defense Information Systems Agency official, has said DISA needs to field tools designed to defend Defense Department applications from potential security vulnerabilities in commercial cloud environments. Wilmer, vice director of the development and business center at DISA, told attendees of the MeriTalk Cloud Computing Brainstorm event that the need …
Read More »DISA Releases Update to DoD CIO’s Cloud Security Guide for Service Providers
The Defense Information Systems Agency has published an updated version of the Cloud Computing Security Requirements Guide by the Defense Department chief information officer in response to feedback from industry and mission partners. DISA said Monday the CC SRG v1r2 release also includes a revision history and a comment matrix, which work to facilitate understanding …
Read More »Matt Goodrich: GSA to Work on FedRAMP Authorization Process, Program Transparency
Matt Goodrich, director of the Federal Risk and Authorization Management Program at the General Services Administration, has said stakeholders believe the program is a potential “market maker” and has influenced how industry gauges cloud security. He wrote in a blog entry posted Wednesday that cloud service providers, third-party assessors, government agencies and others have …
Read More »