Tag Archives: cloud service provider

GSA Seeks to Automate Validation of FedRAMP Security Authorization Packages

The General Services Administration (GSA) will soon issue XML-automated validations that let cloud service providers seeking an authority to operate check whether their security authorization packages include all the required data before submitting them to the Federal Risk and Authorization Management Program (FedRAMP).

FedRAMP Opens Draft Authorization Boundary Guidance for Public Comment

The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings. The guidance document provides CSPs with information on how to illustrate their cloud services' authorization boundary, network interconnections and data flow diagrams.

FedRAMP Issues Guidance on Remote Data Center Testing

The Federal Risk and Authorization Management Program (FedRAMP) is permitting remote testing of certain data centers run by cloud service providers. “All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing,” the blog post states.

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments. The Vulnerability Scanning Requirements for Containers guidance details standards for security considerations, processes and architectures in line with the assessments of cloud service providers during a technical exchange meeting. 

Judy Baltensperger, Kevin Cox Share Plans for CISA’s Continuous Diagnostics and Mitigation Program

The Cybersecurity and Infrastructure Security Agency (CISA) plans to provide an updated Continuous Diagnostics and Mitigation (CDM) program in 2021 that could help reduce reporting requirements for agencies while helping them improve security. Judy Baltensperger said most of the pilot agencies have moved their infrastructure to the cloud and that data quality certification will likely be carried out by the summer of 2021.

NIST Releases Report on Forensic Science Concerns in Cloud Environments; Martin Herman Quoted

The National Institute of Standards and Technology (NIST) has issued a new report on forensic science challenges faced by law enforcement officers, auditors and other professionals in cloud environments. The report enumerated 62 cloud-related forensic challenges, one of which is associated with data custodians at cloud service providers.

Anil Cheriyan: FedRAMP Plans to Establish Liaison, Boost Training in 2020

Anil Cheriyan, director of the General Services Administration’s Technology Transformation Services, said the Federal Risk and Authorization Management Program is working to create a liaison to help coordinate with civilian agencies in order to improve understanding of FedRAMP, Federal Times reported Friday.
