
ConvoCourses

Cyber Security Compliance and IT Jobs


cloud computing

Cybersecurity Convocourses Resume Bullets, Cloud tech and other subjects

September 6, 2020

Audio ONLY:
http://www.nist80037rmf.com/wp-content/uploads/2020/09/Cybersecurity-Convocourses-Resume-Bullets.mp3


Filed Under: cloud, convocourses, DIARMF Jobs, Information Assurance Jobs, IT Security Jobs, podcast, risk jobs Tagged With: cloud computing, cybersecurity, resume

federal cloud FedRAMP.gov

March 3, 2015 by Bruce Brown

The Federal Risk and Authorization Management Program (FedRAMP) is launching a site to clear up the cloudy confusion of the federal cloud compliance world. The site is FedRAMP.gov, and it is intended for federal agencies and vendors of cloud-based technologies and services. They will be getting away from the old site: http://cloud.cio.gov/fedramp


According to FedRAMP Director Matt Goodrich, “We’ll be focusing on reaching a broader audience and get into the agencies and vendors who haven’t quite grasped what FedRAMP is and how it benefits them. Using same message over and over again doesn’t work. At FedRAMP, we’ve been doing the same message for 2 1/2 years. We need to shake it up and say it again differently so we’re penetrating the different types of the market and agencies who haven’t quite gotten the message yet.” The site will feature a training program.

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a risk management program for assessing and monitoring the security of cloud products and services.

FedRAMP focuses on 3 major areas of cloud security:

  • Providing joint security assessments and authorizations based on a standardized baseline set of security controls
  • Using approved Third Party Assessment Organizations to consistently evaluate a Cloud Service Provider’s ability to meet the security controls
  • Coordinating continuous monitoring services

Why is FedRAMP needed?

The federal government is trying to get away from each and every agency having its own homemade risk management process. It is trying to reduce cost and confusion by consolidating and streamlining FedRAMP and other risk management processes.

Who does FedRAMP apply to?

FedRAMP PMO – Housed within GSA and responsible for operational management.

NIST – Maintains FISMA standards, and establishes technical standards.

Joint Authorization Board (JAB) – performs rigorous technical reviews of CSP authorization packages for FedRAMP compliance and grants the provisional ATO; members are the CIOs from the Department of Homeland Security (DHS), the General Services Administration (GSA), and the Department of Defense CIO Council; coordinates cross agency communications.

DHS – monitors and reports on security incidents and provides data for continuous monitoring.

Agencies – use the FedRAMP process when conducting risk assessments, security authorizations, and granting an ATO to a cloud service.

Third Party Assessment Organizations – perform initial and ongoing independent verification and validation of the security controls deployed within the Cloud Service Provider’s information system.

Cloud Service Providers – implement the security controls within their products and services needed to meet the security requirements outlined in FedRAMP.

 

 

Filed Under: FISMA, Information Assurance, Risk Management For DoD IT Tagged With: cloud, cloud computing, fedramp, fedramp 3pao
