Cyber Security Compliance and IT Jobs
VMware vSphere 6.0 STIGs, V1R1
DISA has released the VMware vSphere 6.0 STIGs Version 1 for ESXi, vCenter Server for Windows and Virtual Machine. The requirements of the STIGs become effective immediately. The STIGs are available on IASE athttp://iase.disa.mil/stigs/os/
If you are looking for a new opportunity, plan to attend the Colorado Engineering, Technology and Security Clearance
Denver & Colorado Springs Eng, Tech & Security Clearance Career Expos, Feb 16 & 17 CAREER FAIR:
Day 1: Colorado Springs Marriott/Tech Centre Dr. Feb. 16
Day 2: Hilton Garden Inn/Denver Tech Center Feb. 17
10 am– 2 pm
Meet face to face with hiring managers recruiting for experienced professionals in: Engineers (all disciplines), Test, IT, Mechanical, Defense, Scientific, Design, Risk, Cloud, Network, Cyber, Finite Element Modeling, Hardware, Electrical, Scientists, Software Developers, and Related Disciplines!
100’s of jobs are available!
All jobs require US citizenship and a minimum 2 years of Engineering or Technology industry experience on top of related degree or military background. Some jobs require active security clearance.
For advanced registration and Express Lane access, please send your resume to: Resume@ExpoExpertsllc.com Subject: Attending
Expo Experts LLC 7770 Cooper Rd Cincinnati, Oh 45242
Celeste Farmer <celeste@expoexpertsllc.com> |
DISA has released “Best Practices Guide for Department of Defense Cloud
Mission Owners” which is available at
http://iase.disa.mil/cloud_
This site provides a knowledge base for cloud computing security processes and cloud service provider (CSP) security requirements.
DISA has developed the following DRAFT documents related to Cloud Computing Security and the use/integration of Cloud Computing in DoD which are available for community review and feedback/comments:
• Draft Cloud Computing Security Requirements Guide (SRG), Version 1 Release 2
• Draft Cloud Access Point (CAP) Functional Requirements Document (FRD) V2.2
• Draft Concept of Operations (CONOPS) for Cloud Computer Network Defense (CND) v1
The Draft documents and a Comment Matrix for each (in a .zip file) are available below.
Please provide comments by COB 22 August 2015 on the Comment Matrix associated with each document via one unclassified email for each comment matrix to:
disa.letterkenny.re.mbx.stig-info@mail.mil
Please Note: It is critical that each comment matrix is returned in a separate email with the subject line stating “[Your organization] Comments for [document title]” so we can distribute the comment matrices to the appropriate team for each document and easily identify the source.
The Federal Risk Authorization Management Program (FedRAMP) is launching a site to clear up the cloudy confusion of federal cloud compliance world. The site is fedRAMP.gov and it is intended for federal agencies and vendors of cloud based technologies and services. They will be getting away from the old site: http://cloud.cio.gov/fedramp
According to FedRAMP Director Matt Goodrich, “We’ll be focusing on reaching a broader audience and get into the agencies and vendors who haven’t quite grasped what FedRAMP is and how it benefits them. Using same message over and over again doesn’t work. At FedRAMP, we’ve been doing the same message for 2 1/2 years. We need to shake it up and say it again differently so we’re penetrating the different types of the market and agencies who haven’t quite gotten the message yet.” The site will feature a training program.
What is FedRAMP?
Federal Risk and Authorization Program (FedRAMP) is a risk management program for assessing and monitoring the security of cloud products and services.
FedRAMP focuses on 3 major areas of cloud security:
Why is FedRAMP needed?
The federal government is trying to get away from having each and every agency have their own homemade risk management process. They are trying to save cost and confusion by consolidating and streamlining FedRAMP and other risk management process.
Who does FedRAMP apply to?
FedRAMP PMO – Housed within GSA and responsible for operational management.
NIST – Maintains FISMA standards, and establishes technical standards.
Joint Authorization Board (JAB) – performs rigorous technical reviews of CSP authorization packages for FedRAMP compliance and grants the provisional ATO; members are the CIOs from the Department of Homeland Security (DHS), the General Services Administration (GSA), and the Department of Defense CIO Council; coordinates cross agency communications.
DHS – monitors and reports on security incidents and provides data for continuous monitoring.
Agencies – use the FedRAMP process when conducting risk assessments, security authorizations, and granting an ATO to a cloud service.
Third Party Assessment Organizations – perform initial and ongoing independent verification and validation of the security controls deployed within the Cloud Service Provider’s information system.
Cloud Service Providers – implement the security controls within their products and services needed to meet the security requirements outlined in FedRAMP.