Category Archives: FISMA

System Administrator Monterey, CA

Interested in knowing how I get so many job offers? See:
http://securitycompliance.thinkific.com

Position: Systems Administrator
Location: Monterey, CA
Certification: Windows, Linux, or VMware certification and Security+ required

Responsibilities:

  • Provide technical support for both hardware and software issues our users encounter
  • Manage the configuration and operation of client-based computer operating systems
  • Monitor the system daily and respond immediately to security or usability concerns
  • Create and verify backups of data
  • Respond to and resolve help desk requests
  • Upgrade systems and processes as required for enhanced functionality and security issue resolution
  • Administrate infrastructure, including firewalls, databases, malware protection software and other processes
  • Review application logs
  • Install and test computer-related equipment
  • Microsoft, VMware, Linux, storage, and SolarWinds experience required

Please provide the following information:
Rate Expectation:
Full Name:
Contact No:
Alternate contact (if any):
Email address:
Current Location:
Relocation:
Availability:
Visa status:

Kindly share your detailed resume at sakship@etalentnetwork.com

If you are qualified and interested in making a change or know of a friend who might have the required qualifications, please call me ASAP at (703) 687-6627 (Work) | Ext. 1121, even if we have spoken recently about a different position. If you do respond via e-mail please include a daytime phone number so I can reach you. In considering candidates, time is of the essence, so please respond ASAP. Thank you.

Sincerely yours,
Sakshi Puri
E TalentNetwork



8251 Greensboro Drive
McLean, VA
sakship@etalentnetwork.com
(703) 687-6627 (Work) | Ext. 1121


Attend the (ISC)² SecureDenver Event on June 17

Threat Intelligence – From Haystacks to Needles
Information security, as a function, sits at a great confluence of raw, unfiltered data; it sees perhaps more data about the enterprise than any other function of the organization. From state-based data such as vulnerability scan results to event-based data such as IDS logs, we are collecting more and more information about the enterprise with every passing day.
The next step is to make sense of this treasure trove of data: to find the nuggets of truth and transform them into useful information.
Date: June 17, 2016

Registration: 8:00 a.m.

Time: 9:00 a.m. to 5:00 p.m.
Venue: Marriott Denver South
10345 Park Meadows
Littleton, Colorado 80124
USA
Registration Fee: $99
For the full program, speaker information, and registration, click here.

Federal Information Security Modernization Act of 2014

The purposes of the Federal Information Security Modernization Act of 2014 are to:

  1. provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;
  2. recognize the highly networked nature of the current Federal computing environment and provide effective governmentwide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities;
  3. provide for development and maintenance of minimum controls required to protect Federal information and information systems;
  4. provide a mechanism for improved oversight of Federal agency information security programs, including through automated security tools to continuously diagnose and improve security;
  5. acknowledge that commercially developed information security products offer advanced, dynamic, robust, and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built, and operated by the private sector; and
  6. recognize that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products.

More here:

https://www.congress.gov/bill/113th-congress/senate-bill/2521/text


Federal Cloud: FedRAMP.gov

The Federal Risk and Authorization Management Program (FedRAMP) is launching a site to clear up the cloudy confusion of the federal cloud compliance world. The site is fedRAMP.gov, and it is intended for federal agencies and vendors of cloud-based technologies and services. It replaces the old site: http://cloud.cio.gov/fedramp


According to FedRAMP Director Matt Goodrich, “We’ll be focusing on reaching a broader audience and getting into the agencies and vendors who haven’t quite grasped what FedRAMP is and how it benefits them. Using the same message over and over again doesn’t work. At FedRAMP, we’ve been doing the same message for 2 1/2 years. We need to shake it up and say it again differently so we’re penetrating the different types of the market and agencies who haven’t quite gotten the message yet.” The site will feature a training program.

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a risk management program for assessing, authorizing, and monitoring the security of cloud products and services used by the federal government.

FedRAMP focuses on three major areas of cloud security:

  • Providing joint security assessments and authorizations based on a standardized baseline set of security controls
  • Using approved Third Party Assessment Organizations to consistently evaluate a Cloud Service Provider’s ability to meet the security controls
  • Coordinating continuous monitoring services

Why is FedRAMP needed?

The federal government is trying to get away from each agency having its own homemade risk management process for cloud services. The goal is to save cost and reduce confusion by consolidating those separate processes into the single, streamlined FedRAMP process, so that an authorization done once can be reused across agencies.

Who does FedRAMP apply to, and who plays what role?

FedRAMP PMO – Housed within GSA and responsible for operational management.

NIST – Maintains FISMA standards, and establishes technical standards.

Joint Authorization Board (JAB) – performs rigorous technical reviews of CSP authorization packages for FedRAMP compliance and grants the provisional ATO; its members are the CIOs of the Department of Homeland Security (DHS), the General Services Administration (GSA), and the Department of Defense (DoD); it also coordinates cross-agency communications.

DHS – monitors and reports on security incidents and provides data for continuous monitoring.

Agencies – use the FedRAMP process when conducting risk assessments, security authorizations, and granting an ATO to a cloud service.

Third Party Assessment Organizations – perform initial and ongoing independent verification and validation of the security controls deployed within the Cloud Service Provider’s information system.

Cloud Service Providers – implement the security controls within their products and services needed to meet the security requirements outlined in FedRAMP.


Federal Risk and Authorization Management Program 3rd Party Assessment Organizations (3PAO)

FedRAMP was developed to give the federal government a way to use cloud-based services as securely as possible. It applies to US federal agencies and provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.


3PAO – Third Party Assessment Organizations

Third party assessors play an integral role in the FedRAMP process. Accredited independent assessors, the Third Party Assessment Organizations (3PAOs), have demonstrated the independence and technical competency required to test a CSP’s security implementations and collect representative evidence. Whether accredited through FedRAMP or not, third party assessors:

  • Create a Security Assessment Plan
  • Perform initial and periodic assessments of CSP security controls
  • Conduct security tests and produce a Security Assessment Report