YOUR IT COMPLIANCE PARTNER – GO BEYOND THE CHECKLIST
Download FedRAMP Compliance Checklist
FedRAMP Certification Blog

WEBINAR: FedRAMP Certification & FedRAMP Marketplace
Who Does FedRAMP Apply To?

AGENDA
1. ControlCase Introduction
2. What Is FedRAMP?
3. What Is FedRAMP Marketplace?
4. Who Does FedRAMP Apply To?
5. How Hard Is It To Get FedRAMP Certified?
6. How Long Does The FedRAMP Process Take?
7. How To Get FedRAMP Certified?
8. ControlCase Methodology For FedRAMP Compliance
9. Why ControlCase
© 2020 ControlCase. All Rights Reserved. 2
1. ControlCase Introduction

ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor’s checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance.
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Improve efficiencies
  ⁃ Do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner

1,000+ CLIENTS | 10,000+ IT SECURITY CERTIFICATIONS | 300+ SECURITY EXPERTS
Solution: Certification and Continuous Compliance Services

“I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.”
— Security and Compliance Manager, Data Center

Certification Services
One Audit™: Assess Once. Comply to Many.

“You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.”
— Sr. Director, Information Risk & Compliance, Large Merchant

PCI DSS | ISO 27001 & 27002 | SOC 1,2,3 & SOC for Cybersecurity | HITRUST CSF | HIPAA | PCI P2PE | GDPR | NIST CSF | Risk Assessment | PCI PIN | PCI PA-DSS | FedRAMP | PCI 3DS
2. What is FedRAMP?

FEDERAL RISK AND AUTHORIZATION MANAGEMENT PROGRAM (FedRAMP):
FedRAMP prescribes the security requirements & processes cloud service providers must follow in order for the government to use their services.
• Established in 2012 by the Office of Management and Budget (OMB). FedRAMP empowers government agencies to use modern cloud technologies, with emphasis on security and protection of federal information, and helps accelerate the adoption of secure cloud solutions.
• Provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
• Uses the NIST SP 800-53 standard as the security baseline.
• Similar to FISMA, but for cloud security.
FedRAMP Entities

PROGRAM MANAGEMENT OFFICE (PMO)
• Resides within GSA and supports agencies and cloud service providers through the FedRAMP authorization process.
• Maintains a secure repository of FedRAMP authorizations to enable reuse of security packages.

JOINT AUTHORIZATION BOARD (JAB)
• Primary governance and decision-making body for FedRAMP.
• Members include the chief information officers (CIOs) from the Department of Defense, Department of Homeland Security, and General Services Administration.
FedRAMP Stakeholders

FEDERAL AGENCIES
• Contract with the Cloud Service Provider
• Leverage an existing ATO or use the FedRAMP process when authorizing
• Implement consumer controls

FedRAMP PMO & JAB
• Establish processes and standards for security authorizations
• Maintain a secure repository of available security packages
• Provisionally authorize systems that have the greatest ability to be leveraged government-wide

CLOUD SERVICE PROVIDER (CSP)
• Implement and document security
• Use an independent assessor
• Monitor security
• Provide artifacts

3PAOs (Third Party Assessment Organizations)
• Cloud auditor; maintains independence from the CSP
• Performs initial and periodic assessment of FedRAMP controls
• Does NOT assist in creation of control documentation

FedRAMP & NIST 800-53
FedRAMP USES NIST 800-53 CONTROLS
• A standard published by the National Institute of Standards and Technology (NIST), which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security.
• Used as the information security standard for both FISMA and FedRAMP.
3. What is FedRAMP Marketplace?

FedRAMP MARKETPLACE
• Database of Cloud Service Offerings (CSOs)
• Database of FedRAMP-accredited auditors
• Maintained by the FedRAMP Program Management Office (PMO)
4. Who does FedRAMP apply to?

Any cloud service that holds federal data must be FedRAMP Authorized.
5. How hard is it to get FedRAMP certified?

How FedRAMP Certification Works
There are two types of FedRAMP authorizations: a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) and an Agency Authority to Operate (ATO).

AGENCY AUTHORITY TO OPERATE (ATO)
• Issued by the agency only.
• Agencies have varying levels of risk acceptance.
• The agency monitors the CSP’s continuous monitoring activities.
• Typically uses a 3PAO, like ControlCase, to perform independent testing.

PROVISIONAL AUTHORITY TO OPERATE (P-ATO)
• Issued by the Joint Authorization Board.
• Prioritizes authorizing cloud services that will be widely used across government.
• CIOs of DoD, DHS and GSA must agree that the CSP meets all controls and presents an acceptable risk posture for use across the federal government.
• Conveys a baseline level of likely acceptability for government-wide use.
• CSPs must use an accredited Third-Party Assessment Organization (3PAO).
• The FedRAMP PMO manages continuous monitoring activities.

FedRAMP is based on NIST 800-53. Control domains include:
• Anti-Malware
• Configuration Management
• Incident Response
• Policies & Procedures
• Third-Party Management
• Application Security
• Data Encryption at Rest
• Logging & Monitoring
• Privacy
• Business Continuity Plan
• Governance & Compliance
• Logical Access
• Risk Assessment
• Change Management
• HR
• Physical Security
• Security Testing
6. How long does the FedRAMP process take?

FedRAMP Timeline
1. DOCUMENT: SSP (NIST RMF steps 1, 2, 3)
2. ASSESS: SAP / Testing (NIST RMF step 4)
3. AUTHORIZE: SAR / POA&M (NIST RMF step 5)
4. MONITOR: CON MON Reports (NIST RMF step 6)
JAB P-ATO: 6+ MONTHS
AGENCY ATOs: 3+ MONTHS
7. How to get FedRAMP certified?

FedRAMP & NIST 800-53 (NIST RMF)
1. CATEGORIZE THE INFORMATION SYSTEM: Low, Moderate, High Impact
2. SELECT THE CONTROLS: FedRAMP Low, Moderate, High Baseline
3. IMPLEMENT SECURITY CONTROLS: Describe in SSP
4. ASSESS THE SECURITY CONTROLS: Use of an Independent Assessor (3PAO)
5. AUTHORIZE INFORMATION SYSTEM: Provisional ATO / Agency ATO
6. MONITOR SECURITY CONTROLS: Continuous Monitoring
FedRAMP JAB P-ATO Process (Certification)

PHASE 1: READINESS ASSESSMENT & FedRAMP CONNECT (duration: CSP dependent)
Deliverables: Readiness Assessment Report; FedRAMP Connect Business Case
Milestone: FedRAMP Ready & Prioritized for JAB*

PHASE 2: FULL SECURITY ASSESSMENT (4+ months)
SAP Development, then SSP / SAP / SAR / POA&M
Milestone: Security Authorization Package

PHASE 3: AUTHORIZATION PROCESS
Kick-Off (~1 week) → Review (~3 weeks) → Remediation (~3 weeks) → Final Review (~4 weeks)
Milestone: ATO

PHASE 4: CON MON
Continuous Monitoring: Monthly Continuous Monitoring Deliverables

* A CSP must be prioritized by the JAB before entering the JAB P-ATO process. The CSP can obtain FedRAMP Ready status either before or after the JAB’s prioritization.
FedRAMP Agency ATO Process (Certification)

PHASE 1: PARTNERSHIP ESTABLISHMENT
Authorization Planning → Kick-Off → In Process Designation
SSP Development → Agency Review of SSP

PHASE 2: FULL SECURITY ASSESSMENT
Agency Review of SAP → Assessment → SAR / POA&M Development → SAR Debrief → Agency Review of POA&M → Remediation

PHASE 3: AUTHORIZATION PROCESS
Agency Final Review → Agency ATO → FedRAMP PMO Review → Remediation (if needed) → FedRAMP Authorization

PHASE 4: CON MON
Continuous Monitoring

* SAP & SAR are completed by the 3PAO.
FedRAMP Continuous Monitoring

ATO AUTHORIZATION PACKAGE → CSP OPERATIONAL VISIBILITY

ONGOING
• Periodic assessment of controls
• Updated documentation
• Ongoing authorization decision

ANNUAL
• Annual Assessment – Partial control set (SAP/SAR/POA&M/Updated docs)

MONTHLY
• Vulnerability Scans (OS/WEB/DB)
• POA&M
• Deviation Requests (OR/FP/RA)
8. ControlCase Methodology for FedRAMP Certification

As a 3PAO, ControlCase will independently verify and validate the control implementation and test results for your organization using a four-phase approach. Each phase has a specific set of tasks and deliverables to guide you through the FedRAMP Joint Authorization Board (JAB) Provisional Authorization to Operate (P-ATO) process.

PHASE 1: READINESS ASSESSMENT (SSP / RAR)
PHASE 2: FULL SECURITY ASSESSMENT (SAP / SAR / Testing)
PHASE 3: AUTHORIZATION PROCESS (SSP / SAP / SAR / POA&M)
PHASE 4: CONTINUOUS MONITORING (SAP / SAR)
JAB P-ATO: 6+ MONTHS
Deliverables
• SAP - Security Assessment Plan
• SAR - Security Assessment Report
• SSP - System Security Plan
• RMF - Risk Management Framework

DOCUMENT: SSP (NIST RMF 1, 2, 3)
ASSESS: SAP & Testing (NIST RMF 4)
AUTHORIZE: SAR (NIST RMF 5)
MONITOR: Continuous Monitoring (NIST RMF 6)
9. Why ControlCase?

One Audit™: Assess Once. Comply to Many.
PCI DSS | ISO 27001 & 27002 | SOC 1,2,3 & SOC for Cybersecurity | FedRAMP | HIPAA | PCI P2PE | GDPR | NIST CSF | PCI PIN | PCI PA-DSS | CSA STAR | Microsoft SSPA

Areas of Focus for Continuous Compliance Management
CONTROLCASE SOLUTION
CONTINUOUS: An effective compliance program for cyber security must provide a stream of continuous, accurate information about posture.
INTEGRATED: The best compliance programs are integrated into the systems being measured, versus built as after-the-fact overlays.
AUTOMATED: Continuous compliance requires an automated platform that collects and processes data in as close to real time as can be achieved.

Summary – Why ControlCase
“They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provides a lot of value to us.”
— Dir. of Compliance, SaaS company

THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM.
www.controlcase.com
(US) +1 703.483.6383 | (INDIA) +91.22.62210800
contact@controlcase.com
Download FedRAMP Compliance Checklist
FedRAMP Certification Blog

Coastal Protection Measures in Hulhumale'NAP Global Network
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...ranjana rawat
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 
Item # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfItem # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfahcitycouncil
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30JSchaus & Associates
 
Finance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCCFinance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCCNAP Global Network
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...nservice241
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlEdouardHusson
 
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.Christina Parmionova
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated  Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated  Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth  6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth  6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...tanu pandey
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfSamirsinh Parmar
 
World Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterWorld Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterChristina Parmionova
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxtsionhagos36
 
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation -  Humble BeginningsZechariah Boodey Farmstead Collaborative presentation -  Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginningsinfo695895
 

Último (20)

Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586  Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586  Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
 
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated  Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Top Rated  Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
 
Financing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCCFinancing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCC
 
Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 
Item # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfItem # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdf
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30
 
Finance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCCFinance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCC
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
 
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated  Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated  Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth  6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth  6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdf
 
World Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterWorld Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - Poster
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptx
 
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation -  Humble BeginningsZechariah Boodey Farmstead Collaborative presentation -  Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
 
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
 

FedRAMP Certification & FedRAMP Marketplace

  • 1. YOUR IT COMPLIANCE PARTNER – GO BEYOND THE CHECKLIST
    WEBINAR: FedRAMP Certification & FedRAMP Marketplace
    Download FedRAMP Compliance Checklist | FedRAMP Certification Blog
  • 2. AGENDA
    1. ControlCase Introduction
    2. What Is FedRAMP?
    3. What Is FedRAMP Marketplace?
    4. Who Does FedRAMP Apply To?
    5. How Hard Is It To Get FedRAMP Certified?
    6. How Long Does The FedRAMP Process Take?
    7. How To Get FedRAMP Certified?
    8. ControlCase Methodology For FedRAMP Compliance
    9. Why ControlCase
    © 2020 ControlCase. All Rights Reserved.
  • 3. Section 1: ControlCase Introduction
  • 4. ControlCase Snapshot: CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
    Go beyond the auditor’s checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance.
    • Demonstrate compliance more efficiently and cost effectively (cost certainty)
    • Improve efficiencies
      ⁃ Do more with fewer resources and gain compliance peace of mind
    • Free up your internal resources to focus on their priorities
    • Offload much of the compliance burden to a trusted compliance partner
    1,000+ clients | 10,000+ IT security certifications | 300+ security experts
  • 5. Solution: Certification and Continuous Compliance Services
    “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.”
    — Security and Compliance Manager, Data Center
  • 6. Certification Services: One Audit™. Assess Once. Comply to Many.
    “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.”
    — Sr. Director, Information Risk & Compliance, Large Merchant
    Frameworks covered: PCI DSS, ISO 27001 & 27002, SOC 1, 2, 3 & SOC for Cybersecurity, HITRUST CSF, HIPAA, PCI P2PE, GDPR, NIST CSF, Risk Assessment, PCI PIN, PCI PA-DSS, FedRAMP, PCI 3DS
  • 7. Section 2: What is FedRAMP?
  • 8. What is FedRAMP?
    FEDERAL RISK AND AUTHORIZATION MANAGEMENT PROGRAM (FedRAMP): FedRAMP prescribes the security requirements and processes that cloud service providers (CSPs) must follow in order for the federal government to use their services.
    • Established by the Office of Management and Budget (OMB) in December 2011 and operational since 2012. FedRAMP empowers government agencies to use modern cloud technologies, with emphasis on security and protection of federal information, and helps accelerate the adoption of secure cloud solutions.
    • Provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services, so that one authorization package can be reused by many agencies.
    • Uses the NIST SP 800-53 control catalog as its security baseline.
    • Applies the same FISMA / NIST Risk Management Framework approach that agencies use for their own systems, but to cloud services.
  • 9. FedRAMP Entities
    PROGRAM MANAGEMENT OFFICE (PMO)
    • Resides within the General Services Administration (GSA) and supports agencies and cloud service providers through the FedRAMP authorization process.
    • Maintains a secure repository of FedRAMP authorizations to enable reuse of security packages.
    JOINT AUTHORIZATION BOARD (JAB)
    • Primary governance and decision-making body for FedRAMP.
    • Members are the chief information officers (CIOs) of the Department of Defense, the Department of Homeland Security and the General Services Administration.
  • 10. FedRAMP Stakeholders
    FEDERAL AGENCIES
    • Contract with the cloud service provider
    • Leverage an existing ATO, or use the FedRAMP process when authorizing
    • Implement the consumer (customer-responsibility) controls
    FedRAMP PMO & JAB
    • Establish processes and standards for security authorizations
    • Maintain the secure repository of available security packages
    • Provisionally authorize the systems that have the greatest potential to be leveraged government-wide
    CLOUD SERVICE PROVIDER (CSP)
    • Implement and document the security controls
    • Use an independent assessor
    • Monitor security continuously
    • Provide artifacts
    3PAOs (THIRD PARTY ASSESSMENT ORGANIZATIONS)
    • Cloud auditor; maintains independence from the CSP
    • Performs the initial and periodic assessments of the FedRAMP controls
    • Does NOT assist in creating the control documentation it will later assess, since that would compromise its independence
  • 11. FedRAMP & NIST 800-53
    FedRAMP USES NIST 800-53 CONTROLS
    • NIST SP 800-53 is a catalog of security and privacy controls published by the National Institute of Standards and Technology (NIST), which creates and promotes the standards federal agencies use to implement the Federal Information Security Management Act (FISMA; since 2014 the Federal Information Security Modernization Act) and to manage other programs designed to protect information and promote information security.
    • It is the information security control standard for both FISMA and FedRAMP; FedRAMP selects its Low, Moderate and High baselines from it and adds FedRAMP-specific parameter values and requirements.
  • 12. Section 3: What is FedRAMP Marketplace?
  • 13. FedRAMP Marketplace
    • Database of Cloud Service Offerings (CSOs) and their designation (FedRAMP Ready, In Process or Authorized)
    • Database of FedRAMP-accredited auditors (3PAOs)
    • Maintained by the FedRAMP Program Management Office (PMO)
  • 14. Section 4: Who does FedRAMP apply to?
  • 15. Who does FedRAMP apply to?
    Any cloud service that processes, stores or transmits federal information on behalf of a federal agency must be FedRAMP Authorized. In practice this means cloud service providers selling to federal agencies, and the agencies that must make sure the offerings they use carry an authorization.
  • 16. Section 5: How hard is it to get FedRAMP certified?
  • 17. How FedRAMP authorization works
    There are two types of FedRAMP authorization: a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) and an Agency Authority to Operate (ATO). "FedRAMP certification" is the colloquial term: FedRAMP issues authorizations, not certificates, and a JAB P-ATO is not itself an ATO. Each agency that wants to use the service still issues its own ATO, leveraging the JAB package rather than repeating the assessment.
    AGENCY AUTHORITY TO OPERATE (ATO)
    • Issued by the agency only.
    • Agencies have varying levels of risk acceptance.
    • The agency monitors the CSP’s continuous monitoring activities.
    • Typically uses a 3PAO, such as ControlCase, to perform independent testing.
    PROVISIONAL AUTHORITY TO OPERATE (P-ATO)
    • Issued by the Joint Authorization Board.
    • Prioritizes authorizing cloud services that will be widely used across government.
    • The CIOs of DoD, DHS and GSA must agree that the CSP meets all controls and presents an acceptable risk posture for use across the federal government.
    • Conveys a baseline level of likely acceptability for government-wide use.
    • CSPs must use an accredited Third-Party Assessment Organization (3PAO).
    • The FedRAMP PMO manages continuous monitoring activities.
  • 18. FedRAMP is based on the NIST 800-53 controls. Domains (ControlCase’s grouping of the NIST control families) include:
    • Anti-Malware
    • Application Security
    • Business Continuity Plan
    • Change Management
    • Configuration Management
    • Data Encryption at Rest
    • Governance & Compliance
    • HR
    • Incident Response
    • Logging & Monitoring
    • Logical Access
    • Physical Security
    • Policies & Procedures
    • Privacy
    • Risk Assessment
    • Security Testing
    • Third-Party Management
  • 19. Section 6: How long does the FedRAMP process take?
  • 20. FedRAMP Timeline
    1. DOCUMENT: SSP (NIST RMF steps 1, 2, 3)
    2. ASSESS: SAP / testing (NIST RMF step 4)
    3. AUTHORIZE: SAR / POA&M (NIST RMF step 5)
    4. MONITOR: continuous monitoring (ConMon) reports (NIST RMF step 6)
    Typical duration: JAB P-ATO 6+ months; Agency ATO 3+ months.
  • 21. Section 7: How to get FedRAMP certified?
  • 22. FedRAMP & NIST 800-53: the NIST RMF steps
    1. CATEGORIZE THE INFORMATION SYSTEM: Low, Moderate or High impact
    2. SELECT THE CONTROLS: FedRAMP Low, Moderate or High baseline
    3. IMPLEMENT SECURITY CONTROLS: describe them in the SSP
    4. ASSESS THE SECURITY CONTROLS: performed by an independent assessor (3PAO)
    5. AUTHORIZE THE INFORMATION SYSTEM: Provisional ATO / Agency ATO
    6. MONITOR SECURITY CONTROLS: continuous monitoring
  • 23. FedRAMP JAB P-ATO Process (Certification)
    Phase 1, READINESS ASSESSMENT & FedRAMP CONNECT (duration CSP dependent): Readiness Assessment Report (RAR); FedRAMP Connect business case. Outcome: FedRAMP Ready and prioritized for JAB P-ATO.*
    Phase 2, FULL SECURITY ASSESSMENT (4+ months): Security Authorization Package consisting of SSP, SAP, SAR and POA&M.
    Phase 3, AUTHORIZATION PROCESS: Kick-Off (~1 week), Review (~3 weeks), Remediation (~3 weeks), Final Review (~4 weeks).
    Phase 4, CONTINUOUS MONITORING (ongoing).
    * A CSP must be prioritized by the JAB before entering the JAB P-ATO process. The CSP can obtain FedRAMP Ready status either before or after the JAB’s prioritization.
  • 24. FedRAMP Agency ATO Process (Certification)
    Phase 1, PARTNERSHIP ESTABLISHMENT: Kick-Off; authorization planning; "In Process" designation.
    Phase 2, FULL SECURITY ASSESSMENT: SSP development; agency review of SSP; SAP development*; agency review of SAP; assessment; SAR* and POA&M development; SAR debrief.
    Phase 3, AUTHORIZATION PROCESS: agency review of POA&M; remediation; agency final review; Agency ATO; FedRAMP PMO review; FedRAMP Authorization.
    Phase 4, CONTINUOUS MONITORING: monthly continuous monitoring deliverables; remediation (if needed).
    * SAP & SAR are completed by the 3PAO.
  • 25. FedRAMP Continuous Monitoring (ATO authorization package)
    Continuous monitoring is what keeps the authorization valid after it is granted. It gives the authorizing body ongoing operational visibility of the CSP through periodic assessment of controls, updated documentation and an ongoing authorization decision.
    MONTHLY: vulnerability scans (OS / web / database); POA&M (Plan of Action and Milestones) update; deviation requests (OR = operational requirement, FP = false positive, RA = risk adjustment).
    ANNUAL: annual assessment of a partial control set (SAP / SAR / POA&M / updated documents).
    ONGOING: CSP operational visibility through the periodic assessments, updated documentation and the ongoing authorization decision.
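An added example of the monthly deliverable logic above; it is not from the webinar and not ControlCase tooling. It is a small Python POA&M ageing check that takes constructed scan findings (OS, web and database scanners, as on the slide), applies the remediation windows used in FedRAMP continuous monitoring guidance (High 30 days, Moderate 90 days, Low 180 days; assumed here, so confirm them against the authorizing agency's current requirements) and shows how each deviation request type changes the outcome: an approved false positive (FP) closes the finding, an operational requirement (OR) keeps it on the POA&M as accepted risk, and a risk adjustment (RA) lowers the rating and therefore lengthens the clock. The field names, status labels and sample findings are assumptions made for the example.

```python
"""Monthly POA&M ageing check for FedRAMP continuous monitoring (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Remediation windows by risk rating. Assumption: taken from FedRAMP's
# continuous monitoring guidance (High 30, Moderate 90, Low 180 days);
# confirm against the authorizing agency's current requirements.
REMEDIATION_DAYS = {"high": 30, "moderate": 90, "low": 180}

# Deviation request types named on the slide:
# OR = operational requirement, FP = false positive, RA = risk adjustment.
DEVIATION_TYPES = {"OR", "FP", "RA"}


@dataclass
class Finding:
    """One scanner finding tracked on the POA&M (field names are assumed)."""
    finding_id: str
    scanner: str                              # "OS", "WEB" or "DB", as on the slide
    severity: str                             # "high", "moderate" or "low"
    detected: date                            # first scan date that reported it
    deviation: Optional[str] = None           # approved deviation type, if any
    adjusted_severity: Optional[str] = None   # rating assigned by an approved RA
    closed: Optional[date] = None             # date the fix was verified by rescan

    def effective_severity(self) -> str:
        # An approved risk adjustment lowers the rating, and with it the clock.
        if self.deviation == "RA" and self.adjusted_severity:
            return self.adjusted_severity
        return self.severity

    def due_date(self) -> date:
        return self.detected + timedelta(days=REMEDIATION_DAYS[self.effective_severity()])


def poam_status(f: Finding, today: date) -> str:
    """Classify one finding for the monthly POA&M submission."""
    if f.deviation is not None and f.deviation not in DEVIATION_TYPES:
        raise ValueError(f"unknown deviation type {f.deviation!r}")
    if f.closed is not None:
        return "closed"                   # remediated and verified by rescan
    if f.deviation == "FP":
        return "closed-false-positive"    # approved FP: the finding is not real
    if f.deviation == "OR":
        return "accepted-risk"            # cannot be fixed; stays on the POA&M as accepted risk
    return "late" if today > f.due_date() else "open"


def monthly_summary(findings: list[Finding], today: date) -> dict[str, int]:
    """Counts per status: the headline numbers for the monthly deliverable."""
    summary: dict[str, int] = {}
    for f in findings:
        status = poam_status(f, today)
        summary[status] = summary.get(status, 0) + 1
    return summary


def late_findings(findings: list[Finding], today: date) -> list[str]:
    """IDs past their remediation window, which the agency will ask about first."""
    return sorted(f.finding_id for f in findings if poam_status(f, today) == "late")


# Constructed sample findings for a June 2020 submission (not real scan output).
TODAY = date(2020, 6, 1)
SAMPLE_FINDINGS = [
    Finding("OS-001", "OS", "high", date(2020, 4, 15)),     # 30-day clock ran out on 15 May
    Finding("OS-002", "OS", "high", date(2020, 5, 20)),     # due 19 June, still open
    Finding("WEB-003", "WEB", "moderate", date(2020, 1, 10), deviation="FP"),
    Finding("DB-004", "DB", "high", date(2020, 2, 1), deviation="OR"),
    Finding("DB-005", "DB", "high", date(2020, 3, 1), deviation="RA", adjusted_severity="moderate"),
    Finding("WEB-006", "WEB", "low", date(2020, 3, 1), closed=date(2020, 5, 28)),
]

if __name__ == "__main__":
    print(monthly_summary(SAMPLE_FINDINGS, TODAY))
    print("late:", late_findings(SAMPLE_FINDINGS, TODAY))
```

Note that DB-005 is still late even after its risk adjustment: the RA moved its due date from 31 March to 30 May, and the June run is past that. A deviation request changes how a finding is reported; it does not stop the clock unless it is approved as FP or OR, which is why the status logic checks deviation type before it checks the date.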
  • 26. Section 8: ControlCase methodology for FedRAMP certification
  • 27. ControlCase Methodology for FedRAMP Certification
    As a 3PAO, ControlCase independently verifies and validates the control implementation and test results for your organization using a four-phase approach. Each phase has a specific set of tasks and deliverables to guide you through the FedRAMP Joint Authorization Board (JAB) Provisional Authorization to Operate (P-ATO) process (6+ months).
    Phase 1, READINESS ASSESSMENT: SSP / RAR
    Phase 2, FULL SECURITY ASSESSMENT: SAP / SAR / testing
    Phase 3, AUTHORIZATION PROCESS: SSP / SAP / SAR / POA&M (leading to the JAB P-ATO)
    Phase 4, CONTINUOUS MONITORING: SAP / SAR
  • 28. Deliverables
    • SSP - System Security Plan
    • SAP - Security Assessment Plan
    • SAR - Security Assessment Report
    • POA&M - Plan of Action and Milestones
    • RAR - Readiness Assessment Report
    • RMF - Risk Management Framework (NIST)
    Mapped to the NIST RMF: DOCUMENT (SSP; RMF steps 1, 2, 3), ASSESS (SAP & testing; step 4), AUTHORIZE (SAR; step 5), MONITOR (continuous monitoring; step 6).
  • 29. Section 9: Why ControlCase?
  • 30. One Audit™. Assess Once. Comply to Many.
    PCI DSS, ISO 27001 & 27002, SOC 1, 2, 3 & SOC for Cybersecurity, FedRAMP, HIPAA, PCI P2PE, GDPR, NIST CSF, PCI PIN, PCI PA-DSS, CSA STAR, Microsoft SSPA
  • 31. Areas of Focus for Continuous Compliance Management (the ControlCase solution)
    CONTINUOUS: An effective compliance program for cyber security must provide a stream of continuous, accurate information about posture.
    INTEGRATED: The best compliance programs are integrated into the systems being measured, rather than built as after-the-fact overlays.
    AUTOMATED: Continuous compliance requires an automated platform that collects and processes data in as close to real time as can be achieved.
  • 32. Summary: Why ControlCase
    “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.”
    — Dir. of Compliance, SaaS company
  • 33. THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM.
    www.controlcase.com
    (US) +1 703.483.6383
    (INDIA) +91.22.62210800
    contact@controlcase.com
    Download FedRAMP Compliance Checklist | FedRAMP Certification Blog