CSP

FedRAMP Announces Update to Plan of Actions and Milestones Template

The Federal Risk and Authorization Management Program has added two new columns to the Plan of Actions and Milestones template to help agency partners track findings related to the Cybersecurity and Infrastructure

More

by Jane Edwards

June 30, 2022

Cybersecurity/News

Alex Stamos Calls for Executive Order on Basic Security Functions in Cloud Offerings

Alex Stamos, partner at the Krebs Stamos Group and a federal advisory committee member at the Cybersecurity and Infrastructure Security Agency, said he believes basic security functions should not be sold as

More

by Jane Edwards

December 15, 2021

Government Technology/News

FedRAMP Opens Draft Authorization Boundary Guidance for Public Comment

The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings. The guidance

More

by Jane Edwards

July 15, 2021

Government Technology/News

FedRAMP Issues Guidance on Remote Data Center Testing

The Federal Risk and Authorization Program (FedRAMP) is permitting remote testing of certain data centers run by cloud service providers. “All remote testing must be explicitly detailed in the Security Assessment Plan

More

by Jane Edwards

May 12, 2021

Government Technology/News

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for

More

by Jane Edwards

April 19, 2021

Government Technology/News

DOJ Passes DHS-led Cybersecurity Assessment; Kenneth Bible Quoted

The Department of Justice's (DOJ) Security Operations Center (JSOC) has passed an assessment conducted by the Department of Homeland Security (DHS). DHS said Thursday that its Cybersecurity Service Provider delivered the assessment

More

by Nichols Martin

April 12, 2021

Government Technology/News

FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments. The Vulnerability Scanning Requirements for Containers guidance details standards for

More

by Brenda Marie Rivers

March 17, 2021

Cybersecurity/Government Technology/News

Judy Baltensperger, Kevin Cox Share Plans for CISA’s Continuous Diagnostics and Mitigation Program

The Cybersecurity and Infrastructure Security Agency (CISA) plans to provide in 2021 an updated Continuous Diagnostics and Mitigation (CDM) program that could help reduce reporting requirements for agencies while helping them improve

More

by Jane Edwards

December 7, 2020

Government Technology/News

OMB Seeks to Clarify Security Liability in Cloud Contracts; Thomas Santucci Quoted

The Office of Management and Budget (OMB) intends to standardize language in government contracts with cloud service providers to clarify terms with regard to security liability, Nextgov reported Wednesday.

More

by Jane Edwards

May 21, 2020

Government Technology/News

Michael Wooten: Data Sharing Needed Between Government, Cloud Providers

Michael Wooten, administrator of the Office of Management and Budget’s Office of Federal Procurement Policy, said he intends to expand the practice of data sharing between federal agencies and cloud service providers,

More

by Jane Edwards

September 18, 2019