
FedRAMP High & AWS GovCloud (US): FISMA High Requirements

3,175 views


Agencies with FISMA High workloads have struggled to take advantage of the cost savings and flexibility of true cloud offerings. Now you can address your most stringent regulatory compliance requirements with AWS GovCloud (US). AWS GovCloud (US)* has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the Federal Risk and Authorization Management Program (FedRAMP) High baseline.

Published in: Technology


  1. FedRAMP High & AWS GovCloud (US): FISMA High Requirements in the Cloud (© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.)
  2. AWS Cloud adoption in the Public Sector
     • Government Agencies: 2,300
     • Education Institutions: 7,000
     • Nonprofit Organizations: 22,000
  3. AWS global infrastructure: 13 Regions, 35 Availability Zones, 56 Edge Locations
  4. AWS GovCloud (US) is an isolated AWS region
     • Intended for customers with strict regulatory and compliance requirements and sensitive data or workloads
     • August 2011
     • Available to qualified customers
     • Compliance: safeguard sensitive data/systems; addresses multiple US Government regulations and security requirements
  5. Various types of enterprises use GovCloud
     • US Government (Federal, state, and local)
     • Consulting firms and systems integrators
     • Technology firms and ISVs
     • Education institutions
     • Research organizations
     • Regulated industries (Aerospace, Defense, Energy, Manufacturing, Healthcare)
     • Nonprofit organizations
     • Managed service providers
  6. Example workloads customers run on GovCloud
     • Web applications and websites
     • Backup and recovery
     • Archiving
     • Disaster recovery
     • Development and test
     • Big data
     • High-performance computing
     • Business/mission critical systems
     • Enterprise IT
     • Mobile
  7. Fit for Controlled Unclassified Information (CUI)
     • CUI categories: Agriculture, Copyright, Critical infrastructure, Export control, Financial, Immigration, Intelligence, Law enforcement, Legal, Nuclear, Patent, Privacy (PII), Proprietary (IP), Statistical (census), Tax, Transportation
     • Many customers use GovCloud for all categories of CUI
  8. GovCloud is all about “compliance in the cloud”: SP 800-53 (rev 4) and SP 800-171
  9. AWS GovCloud (US) FedRAMP High JAB ATO (High Baseline)
     Announced June 23, 2016 by the FedRAMP PMO; it allows Government agencies to leverage the AWS Cloud for highly sensitive workloads and meet FISMA High requirements.
  10. US Government IA Policy Framework (Source: FedRAMP PMO, modified)
     • eGov Act of 2002 includes the Federal Information Security Management Act (FISMA): Congress passes FISMA as part of the 2002 eGov Act
     • OMB A-130; FIPS 200, FIPS 199; NIST SP 800-37, 800-137, 800-53: OMB A-130 provides policy, NIST provides the risk management framework
     • Agency ATO: agencies leverage the RMF process; heads of agencies review packages and risk, accept risk and grant ATOs
  11. Risk Management Framework (Source: NIST 800-53 Rev. 4)
  12. NIST Special Publication 800-53 rev. 4
     • Control specification
     • Supplemental Guidance
     • Control Enhancements
     • Baseline Alignment
  13. However…
     “Organizations have flexibility in applying the baseline security controls in accordance with the guidance provided in Special Publication 800-53. This allows organizations to tailor the relevant security control baseline so that it more closely aligns with their mission and business requirements and environments of operation.”
     • Enforces at least the following number of changed characters when new passwords are created: [Assignment: organization-defined number];
     • Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum];
     • Prohibits password reuse for [Assignment: organization-defined number] generations
  14. Cloud complicates this approach
     Problem:
     • A duplicative, inconsistent, time consuming, costly, and inefficient cloud security risk management approach with little incentive to leverage existing Authorizations to Operate (ATOs) among agencies.
     Solution: FedRAMP
     • Uniform risk management approach
     • Standard set of approved, minimum security controls (FISMA Low, Moderate, and High Impact)
     • Consistent assessment process
     • Provisional ATO
     Source: FedRAMP PMO (modified)
  15. What is FedRAMP?
     FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save the cost, time, and staff required to conduct redundant agency security assessments. Source: FedRAMP PMO
  16. FedRAMP Policy Framework (Source: FedRAMP PMO)
     • eGov Act of 2002 includes the Federal Information Security Management Act (FISMA): Congress passes FISMA as part of the 2002 eGov Act
     • OMB A-130; FIPS 199, FIPS 200; NIST SP 800-37, 800-137, 800-53: OMB A-130 provides policy, NIST provides the risk management framework
     • FedRAMP Security Requirements: FedRAMP builds upon the NIST SPs, establishing common cloud computing baseline requirements
     • Agency ATO: agencies leverage the FedRAMP process; heads of agencies review packages and risk, accept risk and grant ATOs
  17. FedRAMP High
     • June 23, 2016: AWS received a P-ATO from the FedRAMP JAB
     • 421 Baseline Controls
     • Highly sensitive workloads (PII, financial data, CUI, etc.)
     • Covers five core AWS services
     “The loss of confidentiality, integrity, or availability could be expected to have severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals” - FIPS 199
  18. FedRAMP High: Why is this such a big deal?
     [Chart: Low/Moderate vs. High impact levels for Federal information and for the $80B Federal IT budget. Source: FedRAMP PMO]
  19. So, FedRAMP authorizes workloads on AWS?
     No… Agencies authorize. Authorizations cover specific services and boundaries.
     Once one agency authorizes a workload, all agencies can use it?
     No… Each agency is responsible for ATO issuance. Outputs are reusable, but risk assessment is individual.
  20. But what happens if a service isn’t authorized?
  21. AWS FedRAMP assets for customers
     For US Government Agencies:
     • AWS FedRAMP High Package
     • Monthly Continuous Monitoring Reviews
     For AWS Customers and Partners:
     • Partner Package for FedRAMP High
     For Everyone:
     • AWS Partner Ecosystem
     • AWS Professional Services
     • Enterprise Accelerators for Compliance (AWS QuickStarts)
     • Whitepapers
  22. Getting started with AWS GovCloud (US)
     Visit https://aws.amazon.com/govcloud-us/getting-started to learn about access requirements and begin using GovCloud. Resellers: contact your AWS business representative to get started.
  23. Learn more about AWS GovCloud (US)
     • AWS GovCloud (US) webpage: https://aws.amazon.com/govcloud-us/
     • AWS GovCloud (US) User Guide: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html
     • AWS Cloud Compliance: https://aws.amazon.com/compliance/
     • AWS NIST Quick Start Reference Deployment: https://aws.amazon.com/professional-services/enterprise-accelerators/
  24. Thank You.
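The bracketed assignments quoted on slide 13 are the values an organization fills in when it tailors a control to its own baseline. As an added example (not code from the deck, AWS, or NIST), the Python below evaluates a proposed password change against a policy carrying placeholder values for those three assignments: changed characters, minimum/maximum lifetime, and reuse generations. The class and function names, the placeholder values, and the positional reading of "changed characters" are assumptions made here.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class PasswordPolicy:          # organization-defined assignment values (placeholders in demo())
    min_changed_chars: int     # [Assignment: number of changed characters]
    min_lifetime: timedelta    # [Assignment: lifetime minimum]
    max_lifetime: timedelta    # [Assignment: lifetime maximum]
    reuse_generations: int     # [Assignment: generations prohibited]

@dataclass
class PasswordHistory:
    salt: bytes                # one salt per user so stored digests compare directly (simplification)
    digests: list = field(default_factory=list)   # oldest first
    last_changed: datetime = None

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def changed_characters(old, new):  # differing positions plus any length difference
    same = sum(1 for a, b in zip(old, new) if a == b)
    return max(len(old), len(new)) - same

def evaluate_change(policy, history, old_pw, new_pw, now):
    """Names of the requirements a proposed change violates; [] means allowed."""
    violations = []
    if changed_characters(old_pw, new_pw) < policy.min_changed_chars:
        violations.append("changed_chars")
    if history.last_changed and now - history.last_changed < policy.min_lifetime:
        violations.append("min_lifetime")      # changed again too soon
    if policy.reuse_generations and _digest(new_pw, history.salt) in history.digests[-policy.reuse_generations:]:
        violations.append("reuse")             # matches one of the last N generations
    return violations

def password_expired(policy, history, now):  # maximum lifetime is enforced at use time, not on change
    return bool(history.last_changed) and now - history.last_changed > policy.max_lifetime

def record_change(history, new_pw, now):
    history.digests.append(_digest(new_pw, history.salt))
    history.last_changed = now

def demo():
    """Constructed scenario (not from the deck): a rejected change, an allowed one, an expiry check."""
    p = PasswordPolicy(4, timedelta(days=1), timedelta(days=60), 3)
    h, t0 = PasswordHistory(salt=b"constructed-salt"), datetime(2016, 6, 23)
    record_change(h, "Original-Pass-1", t0)
    rejected = evaluate_change(p, h, "Original-Pass-1", "Original-Pass-1", t0 + timedelta(hours=2))
    allowed = evaluate_change(p, h, "Original-Pass-1", "Completely-New-9", t0 + timedelta(days=2))
    return rejected, allowed, password_expired(p, h, t0 + timedelta(days=61))
```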
