Federal Risk and Authorization Management Program (FedRAMP)
Moderator: Fran Trentley, Akamai
Vera Ashworth, US Federal, CGI
Christine Schweickert, Akamai
Matt Mitchell, Knowledge Consulting Group
Why FedRAMP?
Problem:
• A duplicative, inconsistent, time-consuming, costly, and inefficient cloud security risk management approach with little incentive to leverage existing Authorizations to Operate (ATOs) among agencies.

Solution: FedRAMP
• Uniform risk management approach
• Standard set of approved, minimum security controls (FISMA Low and Moderate Impact)
• Consistent assessment process
• Provisional ATO
FedRAMP Policy Framework
• Agency ATO: Agencies leverage FedRAMP process; heads of agencies understand, accept risk and grant ATOs
• FedRAMP Security Requirements: FedRAMP builds upon NIST SPs, establishing common cloud computing baseline supporting risk-based decisions
• OMB A-130; NIST SP 800-37, 800-137, 800-53: OMB A-130 provides policy, NIST Special Publications provide risk management framework
• eGov Act of 2002 includes Federal Information Security Management Act (FISMA): Congress passes FISMA as part of 2002 eGov Act
FedRAMP Authorizations
Mandatory Federal Requirement
• OMB Policy Memo – December 2011.
• Mandates FedRAMP compliance for all cloud services used by the Federal government.

Granting Authorizations
• Federal agencies are required by FISMA to individually grant an ATO.
• Federal agencies must ensure all cloud providers they use meet the FedRAMP requirements.

Authorizations that meet the FedRAMP requirements:
• Address the FedRAMP baseline controls
• Use the mandatory FedRAMP templates
• Are listed within the FedRAMP repository
• Have an ATO letter on file with FedRAMP PMO
JAB FedRAMP Governance Model: Focus on Security and Transparency
In October 2010, the White House launched the Federal Risk and Authorization Management Program (FedRAMP℠)
• Provides framework for a standard and secure approach to Assessing and Authorizing (A&A) cloud computing services and products
• Allows joint authorizations and continuous security monitoring services for Government/Private cloud computing systems intended for multi-agency use

©2013 AKAMAI | FASTER FORWARD™

CGI Proprietary Information
Only 1 Path to ATO is JAB Granted & Requires Continuous Monitoring, Future FedRAMP Compliance

Higher Level of Review (lower risk for Government)

Total Cost of Ownership: Who Pays Over Time?

Look beyond compute cost comparisons to know what you are signing up for in the long term
Akamai FedRAMP
Akamai was awarded a JAB P-ATO on August 26, 2013 under FedRAMP assessment package number F1206061353.
Akamai C&A documentation will be found in the FedRAMP repository. Our Government customers should plan on leveraging the FedRAMP repository to view our SSP and associated documentation. This link shows the process: http://www.gsa.gov/portal/content/133763.

Service Name: Akamai Content Delivery Network (Akamai CDN)
Service Model: Infrastructure as a Service (IaaS)
Deployment Model: Public Cloud

The Akamai FedRAMP accreditation boundary includes:
• the HTTP (Content Delivery) Edge Servers
• the HTTPS (Secure Content Delivery) Edge servers
• NetStorage
• HD Streaming
• Global Traffic Management (GTM) System
• Enhanced DNS Service with DNSSEC
• the Luna Control Center Portal
• Additionally, the Akamai NOCC, Akamai Domain Name Servers, and the Akamai internal systems: KMI, Authgate, and AMS.

Impact Level: Moderate
Authorization Date: August 22, 2013 (JAB Provisional Authorization)
Package ID: F1206061353
3PAO: Knowledge Consulting Group, Inc. (KCG) (FedRAMP Accredited)
Contact Information: Christine Schweickert, cschweic@akamai.com
One of the largest pure cyber security services companies
Over 260 information security professionals
Expertise in each of the major domains of cybersecurity:
• Governance & Risk Management
• Compliance
• Operations
• Cyber attack simulation and exploitation

Supporting over 15 agencies along with leading private sector clients:
• Hi-tech
• Financial services
• Cloud providers
• Power and energy

Matt Mitchell: Director, Risk Advisory Services
Contact: matt.mitchell@knowledgecg.com

Leads KCG's FedRAMP services practice
15 years of public and private security experience
Currently supporting leading cloud providers:
• Develop and execute cloud security and compliance management strategies
• Implement security, compliance, and risk management programs
• Implement security governance and workforce transformation programs
• Build and manage rationalized compliance control frameworks: FedRAMP, NIST, PCI DSS, SOC2, SOX, HIPAA, ISO, BITS

Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
