Tag Archives: CSP

FedRAMP Opens Draft Authorization Boundary Guidance for Public Comment

FedRAMP

The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings. The guidance document provides CSPs with information on how to illustrate their cloud services' authorization boundary, network interconnections and data flow diagrams.

Read More »

FedRAMP Issues Guidance on Remote Data Center Testing

Remote Data Center

The Federal Risk and Authorization Program (FedRAMP) is permitting remote testing of certain data centers run by cloud service providers. “All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing,” the blog post states.

Read More »

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

OCONUS Cloud Strategy

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

Read More »

DOJ Passes DHS-led Cybersecurity Assessment; Kenneth Bible Quoted

Department of Justice

The Department of Justice's (DOJ) Security Operations Center (JSOC) has passed an assessment conducted by the Department of Homeland Security (DHS). DHS said Thursday that its Cybersecurity Service Provider delivered the assessment with staff from the Transportation Security Administration (TSA) and Immigration and Customs Enforcement (ICE). JSOC exceeded standards in 35 of 40 assessment areas, and is now certified as a CSP Center of Excellence.

Read More »

FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

AWS Secret Region IL-6

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments. The Vulnerability Scanning Requirements for Containers guidance details standards for security considerations, processes and architectures in line with the assessments of cloud service providers during a technical exchange meeting. 

Read More »

Judy Baltensperger, Kevin Cox Share Plans for CISA’s Continuous Diagnostics and Mitigation Program

NSA-CISA-FBI-UK NCSC

The Cybersecurity and Infrastructure Security Agency (CISA) plans to provide in 2021 an updated Continuous Diagnostics and Mitigation (CDM) program that could help reduce reporting requirements for agencies while helping them improve security. Judy Baltensperger said most of the pilot agencies have moved their infrastructure to the cloud and that data quality certification will likely be carried out by the summer of 2021.

Read More »

Navy Eyes Commercial Cloud Providers for Long-Haul Telecom Services; Will Stephens Quoted

The U.S. Navy plans to kick off a prototype project in the spring of 2019 to determine whether to outsource long-haul telecommunications support to one or more cloud service providers, Federal News Network reported Tuesday. The service currently relies on the Defense Information Systems Agency’s wide-area network for telecom services. 

Read More »

IBM Strikes $34B Deal for Red Hat; Ginni Rometty, Jim Whitehurst Quoted

IBM has agreed to acquire Red Hat for approximately $34B in a move both companies expect to create a global hybrid cloud provider. IBM said Sunday it will pay $190M in cash for each share of Red Hat under the deal that is expected to conclude in the latter half of next year, subject to approvals by Red Hat shareholders and regulators.

Read More »