ConvoCourses

Cyber Security Compliance and IT Jobs

cloud

VMware vSphere 6.0 STIGs, V1R1

February 12, 2016 by Bruce Brown

DISA has released the VMware vSphere 6.0 STIGs Version 1 for ESXi, vCenter Server for Windows and Virtual Machine. The requirements of the STIGs become effective immediately. The STIGs are available on IASE at http://iase.disa.mil/stigs/os/virtualization/Pages/virtualization.aspx.

Filed Under: diarmf - implement, STIGS Tagged With: cloud, STIG, virtual, VMWare, vsphere

Denver & Colorado Springs Eng, Tech & Security Clearance Career Expos, Feb 16 & 17

January 25, 2016 by Bruce Brown

If you are looking for a new opportunity, plan to attend the Colorado Engineering, Technology and Security Clearance CAREER FAIR:

Day 1: Colorado Springs Marriott/Tech Centre Dr. Feb. 16

Day 2: Hilton Garden Inn/Denver Tech Center Feb. 17

10 am – 2 pm

Meet face to face with hiring managers recruiting for experienced professionals in: Engineers (all disciplines), Test, IT, Mechanical, Defense, Scientific, Design, Risk, Cloud, Network, Cyber, Finite Element Modeling, Hardware, Electrical, Scientists, Software Developers, and Related Disciplines!

 

100s of jobs are available!

All jobs require US citizenship and a minimum of 2 years of Engineering or Technology industry experience on top of a related degree or military background. Some jobs require an active security clearance.

For advanced registration and Express Lane access, please send your resume to: Resume@ExpoExpertsllc.com Subject: Attending

Expo Experts LLC, 7770 Cooper Rd, Cincinnati, OH 45242

Celeste Farmer <celeste@expoexpertsllc.com>

Filed Under: cyberspace workforce, DIARMF Jobs, Information Assurance Jobs Tagged With: career, career fair, cloud, colorado springs, cyber, Defense, denver, Design, Electrical, est, expo, expos, Finite Element Modeling, Hardware, IT, Mechanical, network, risk, Scientific, Scientists, security clearance, Software Developers

Best Practices Guide for Department of Defense Cloud Mission Owners

August 18, 2015 by Bruce Brown

DISA has released “Best Practices Guide for Department of Defense Cloud
Mission Owners” which is available at
http://iase.disa.mil/cloud_security/Pages/index.aspx

This site provides a knowledge base for cloud computing security processes and cloud service provider (CSP) security requirements.

DISA has developed the following DRAFT documents related to Cloud Computing Security and the use/integration of Cloud Computing in DoD which are available for community review and feedback/comments:
• Draft Cloud Computing Security Requirements Guide (SRG), Version 1 Release 2
• Draft Cloud Access Point (CAP) Functional Requirements Document (FRD) V2.2
• Draft Concept of Operations (CONOPS) for Cloud Computer Network Defense (CND) v1

The Draft documents and a Comment Matrix for each (in a .zip file) are available below.

Please provide comments by COB 22 August 2015 on the Comment Matrix associated with each document via one unclassified email for each comment matrix to:
disa.letterkenny.re.mbx.stig-info@mail.mil

Please Note: It is critical that each comment matrix is returned in a separate email with the subject line stating “[Your organization] Comments for [document title]” so we can distribute the comment matrices to the appropriate team for each document and easily identify the source.

 

Filed Under: diarmf - implement, STIGS Tagged With: cloud, implementation, rmf implementation, STIG

federal cloud FedRAMP.gov

March 3, 2015 by Bruce Brown

The Federal Risk and Authorization Management Program (FedRAMP) is launching a site to clear up the cloudy confusion of the federal cloud compliance world. The site is fedRAMP.gov, and it is intended for federal agencies and vendors of cloud-based technologies and services. They will be getting away from the old site: http://cloud.cio.gov/fedramp

According to FedRAMP Director Matt Goodrich, “We’ll be focusing on reaching a broader audience and get into the agencies and vendors who haven’t quite grasped what FedRAMP is and how it benefits them. Using same message over and over again doesn’t work. At FedRAMP, we’ve been doing the same message for 2 1/2 years. We need to shake it up and say it again differently so we’re penetrating the different types of the market and agencies who haven’t quite gotten the message yet.” The site will feature a training program.

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a risk management program for assessing and monitoring the security of cloud products and services.

FedRAMP focuses on 3 major areas of cloud security:

  • Providing joint security assessments and authorizations based on a standardized baseline set of security controls
  • Using approved Third Party Assessment Organizations to consistently evaluate a Cloud Service Provider’s ability to meet the security controls
  • Coordinating continuous monitoring services

Why is FedRAMP needed?

The federal government is trying to get away from having each agency maintain its own homemade risk management process. It is trying to save cost and reduce confusion by consolidating and streamlining FedRAMP and other risk management processes.

Who does FedRAMP apply to?

FedRAMP PMO – Housed within GSA and responsible for operational management.

NIST – Maintains FISMA standards, and establishes technical standards.

Joint Authorization Board (JAB) – performs rigorous technical reviews of CSP authorization packages for FedRAMP compliance and grants the provisional ATO; members are the CIOs from the Department of Homeland Security (DHS), the General Services Administration (GSA), and the Department of Defense CIO Council; coordinates cross agency communications.

DHS – monitors and reports on security incidents and provides data for continuous monitoring.

Agencies – use the FedRAMP process when conducting risk assessments, security authorizations, and granting an ATO to a cloud service.

Third Party Assessment Organizations – perform initial and ongoing independent verification and validation of the security controls deployed within the Cloud Service Provider’s information system.

Cloud Service Providers – implement the security controls within their products and services needed to meet the security requirements outlined in FedRAMP.

 

 

Filed Under: FISMA, Information Assurance, Risk Management For DoD IT Tagged With: cloud, cloud computing, fedramp, fedramp 3pao
