As the FedRAMP program approaches the end of its first decade, an expanding threat landscape has prompted changes throughout government. FedRAMP program executives have been updating the program's cloud security offerings to provide a system of security controls that offers a threat-based approach to risk management. The new framework was the result of work by the CISA .govCAR team at the Department of Homeland Security, which developed a scoring system for each of NIST’s 800-53 security controls. The new approach allows agencies to rank threats and respond effectively.
DOD also recently updated its Cloud Security Guide to reduce the differences between Defense security guidance and FedRAMP, and offered new opportunities for reciprocity between the systems.
And on the legislative front, Congress has been debating and is moving forward with legislation that would codify FedRAMP requirements and establish an advisory board.
Executives from government and industry will examine the new policy developments, how the changing threat environment challenges agencies with limited people and budgetary resources, and lessons learned from the Log4j vulnerability.
Attendees at this event will come away with a better understanding of:
What the proposed rules on incident reporting can mean for agencies
How a threat-based approach to risk management offers more security
How new data on threats and responses is helping create new frameworks
Why including security frameworks in enterprise mobility management is essential
What changes may be coming for acquiring cloud services through a new marketplace
How state and local governments are progressing with StateRAMP