• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

cloud computing

Cybersecurity Convocourses Resume Bullets, Cloud tech and other subjects

September 6, 2020 by Leave a Comment

Cybersecurity Convocourses Resume Bullets, Cloud tech and other subjects

Audio ONLY:
http://www.nist80037rmf.com/wp-content/uploads/2020/09/Cybersecurity-Convocourses-Resume-Bullets.mp3

http://www.nist80037rmf.com/wp-content/uploads/2020/09/Cybersecurity-Convocourses-Resume-Bullets.mp3

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Google Podcasts | Pandora | iHeartRadio | Stitcher | TuneIn | Deezer | RSS

Filed Under: cloud, convocourses, DIARMF Jobs, Information Assurance Jobs, IT Security Jobs, podcast, risk jobs Tagged With: cloud computing, cybersecurity, resume

federal cloud FedRAMP.gov

March 3, 2015 by Bruce Brown Leave a Comment

The Federal Risk Authorization Management Program (FedRAMP) is launching a site to clear up the cloudy confusion of federal cloud compliance world.  The site is fedRAMP.gov and it is intended for federal agencies and vendors of cloud based technologies and services.  They will be getting away from the old site: http://cloud.cio.gov/fedramp

Goodrich Matthew fedramp
Goodrich Matthew fedramp

According to FedRAMP Director Matt Goodrich,  “We’ll be focusing on reaching a broader audience and get into the agencies and vendors who haven’t quite grasped what FedRAMP is and how it benefits them.  Using same message over and over again doesn’t work. At FedRAMP, we’ve been doing the same message for 2 1/2 years. We need to shake it up and say it again differently so we’re penetrating the different types of the market and agencies who haven’t quite gotten the message yet.”  The site will feature a training program.

What is FedRAMP?

Federal Risk and Authorization Program (FedRAMP) is a risk management program for assessing and monitoring the security of cloud products and services.

FedRAMP focuses on 3 major areas of cloud security:

  • Providing joint security assessments and authorizations based on a standardized baseline set of security controls
  • Using approved Third Party Assessment Organizations to consistently evaluate a Cloud Service Provider’s ability to meet the security controls
  • Coordinating continuous monitoring services

Why is FedRAMP needed?

The federal government is trying to get away from having each and every agency have their own homemade risk management process.  They are trying to save cost and confusion by consolidating and streamlining FedRAMP and other risk management process.

Who does FedRAMP apply to?

FedRAMP PMO – Housed within GSA and responsible for operational management.

NIST – Maintains FISMA standards, and establishes technical standards.

Joint Authorization Board (JAB) – performs rigorous technical reviews of CSP authorization packages for FedRAMP compliance and grants the provisional ATO; members are the CIOs from the Department of Homeland Security (DHS), the General Services Administration (GSA), and the Department of Defense CIO Council; coordinates cross agency communications.

DHS – monitors and reports on security incidents and provides data for continuous monitoring.

Agencies – use the FedRAMP process when conducting risk assessments, security authorizations, and granting an ATO to a cloud service.

Third Party Assessment Organizations – perform initial and ongoing independent verification and validation of the security controls deployed within the Cloud Service Provider’s information system.

Cloud Service Providers – implement the security controls within their products and services needed to meet the security requirements outlined in FedRAMP.

 

 

Filed Under: FISMA, Information Assurance, Risk Management For DoD IT Tagged With: cloud, cloud computing, fedramp, fedramp 3pao

Primary Sidebar

search


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

Cyber Security How to make up to 6 Figures
6 figures in Cyber Security

This course explains how I have been able to consistently make 6 figures doing cyber security. There is a method that I have used during my development in cyber security. I am presenting that method to you.

View Course

Teleworking - IT Remote Work
Teleworking – IT Remote Work

Teleworking is something I have been doing for the last 5 years. This is how I did it.

Find Teleworking IT Jobs

View Course

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Technical Jobs that allow Telecommuting / Remote Work
  • Access Control Family: AC-5, Separation of Duties
  • Access Control Family: AC-6, Least Privilege
  • Cybersecurity Convocourses: Assessors Point of View
  • Access Control Family: AC-4 Information Flow Enforcement

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows

Copyright © 2022 · Author Pro on Genesis Framework · WordPress · Log in

Posting....