This interactive session is designed to deliver deeper insights into the Federal Risk and Authorization Management Program (FedRAMP), a U.S. Federal Government-wide initiative intended to provide “a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services” to be used in support of Federal agency operations. The speakers will update attendees on current FedRAMP progress and ongoing initiatives, and give a detailed review of the provisional approval to operate (P-ATO) recently granted to Akamai Technologies. The Akamai approach is distinct among the others approved to date by FedRAMP—as it authorizes core cloud services to operate using Akamai’s highly distributed commercial network. While others are focused on government-only cloud environments, Akamai can offer government-wide accreditation and assurance to the defense and civilian agencies it serves. Plan to attend this session to build on your understanding of FedRAMP and the expanding cloud computing options available to agency professionals—regardless of mission or location. See the full Edge Presentation: http://www.akamai.com/html/custconf/edgetv-forum.html#session-fedramp
Panelists Include: Matthew Goodrich, Matt Mitchell, Christine Schweickert
The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013.
Learn more at http://www.akamai.com/edge
Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
1. Federal Risk and Authorization Management Program (FedRAMP)
Moderator: Fran Trentley, Akamai
Vera Ashworth, US Federal, CGI
Christine Schweickert, Akamai
Matt Mitchel, Knowledge Consulting Group
2. Why FedRAMP?
Problem:
• A duplicative, inconsistent, time consuming, costly, and inefficient cloud security risk management approach with little incentive to leverage existing Authorizations to Operate (ATOs) among agencies.
Solution: FedRAMP
• Uniform risk management approach
• Standard set of approved, minimum security controls (FISMA Low and Moderate Impact)
• Consistent assessment process
• Provisional ATO
3. FedRAMP Policy Framework
• Agency ATO: Agencies leverage FedRAMP process, heads of agencies understand, accept risk and grant ATOs
• FedRAMP Security Requirements: FedRAMP builds upon NIST SPs establishing common cloud computing baseline supporting risk based decisions
• OMB A-130; NIST SP 800-37, 800-137, 800-53: OMB A-130 provides policy, NIST Special Publications provide risk management framework
• eGov Act of 2002 includes Federal Information Security Management Act (FISMA): Congress passes FISMA as part of 2002 eGov Act
4. FedRAMP Authorizations
Mandatory Federal Requirement
• OMB Policy Memo – December 2011.
• Mandates FedRAMP compliance for all cloud services used by the Federal government.
Granting Authorizations
• Federal agencies are required by FISMA to individually grant an ATO.
• Federal agencies must ensure all cloud providers they use meet the FedRAMP requirements.
Authorizations that meet the FedRAMP requirements:
• Address the FedRAMP baseline controls
• Use the mandatory FedRAMP templates
• Are listed within the FedRAMP repository
• Have an ATO letter on file with FedRAMP PMO