YOUR IT COMPLIANCE PARTNER – GO BEYOND THE CHECKLIST
Download FedRAMP Compliance Checklist
FedRAMP Certification Blog
WEBINAR: FedRAMP Certification & FedRAMP Marketplace
AGENDA
1. ControlCase Introduction
2. What Is FedRAMP?
3. What Is FedRAMP Marketplace?
4. Who Does FedRAMP Apply To?
5. How Hard Is It To Get FedRAMP Certified?
6. How Long Does The FedRAMP Process Take?
7. How To Get FedRAMP Certified?
8. ControlCase Methodology For FedRAMP Compliance
9. Why ControlCase
© 2020 ControlCase. All Rights Reserved. 2
1. ControlCase Introduction
ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor’s checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance.
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Improve efficiencies: do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner
1,000+ | 300+ | 10,000+
Clients | IT security certifications | Security experts
Solution: Certification and Continuous Compliance Services
“I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.”
— Security and Compliance Manager, Data Center
Certification Services
One Audit™: Assess Once. Comply to Many.
“You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.”
— Sr. Director, Information Risk & Compliance, Large Merchant
Frameworks covered: PCI DSS; ISO 27001 & 27002; SOC 1, 2, 3 & SOC for Cybersecurity; HITRUST CSF; HIPAA; PCI P2PE; GDPR; NIST CSF; Risk Assessment; PCI PIN; PCI PA-DSS; FedRAMP; PCI 3DS
2. What is FedRAMP?
FEDERAL RISK AND AUTHORIZATION MANAGEMENT PROGRAM (FedRAMP):
FedRAMP prescribes the security requirements & processes cloud service providers must follow in order for the government to use their services.
• Established in 2012 by the Office of Management and Budget (OMB). FedRAMP empowers government agencies to use modern cloud technologies, with emphasis on security and protection of federal information, and helps accelerate the adoption of secure cloud solutions.
• Provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
• Uses the NIST SP 800-53 standard as its security baseline.
• Similar to FISMA, but for cloud security.
FedRAMP Entities
PROGRAM MANAGEMENT OFFICE (PMO)
• Resides within GSA and supports agencies and cloud service providers through the FedRAMP authorization process.
• Maintains a secure repository of FedRAMP authorizations to enable reuse of security packages.
JOINT AUTHORIZATION BOARD (JAB)
• Primary governance and decision-making body for FedRAMP.
• Members include the chief information officers (CIOs) from the Department of Defense, Department of Homeland Security, and General Services Administration.
FedRAMP Stakeholders
FEDERAL AGENCIES
• Contract with the Cloud Service Provider
• Leverage an existing ATO or use the FedRAMP process when authorizing
• Implement consumer controls
FedRAMP PMO & JAB
• Establish processes and standards for security authorizations
• Maintain a secure repository of available security packages
• Provisionally authorize systems that have the greatest ability to be leveraged government-wide
CLOUD SERVICE PROVIDER (CSP)
• Implement and document security
• Use an independent assessor
• Monitor security
• Provide artifacts
3PAOs (THIRD PARTY ASSESSMENT ORGANIZATIONS)
• Cloud auditor; maintains independence from the CSP
• Performs initial and periodic assessment of FedRAMP controls
• Does NOT assist in creation of control documentation
FedRAMP & NIST 800-53
FedRAMP USES NIST 800-53 CONTROLS
• A standard published by the National Institute of Standards and Technology (NIST), which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security.
• Used as the information security standard for both FISMA and FedRAMP.
3. What is FedRAMP Marketplace?
FedRAMP MARKETPLACE
• Database of Cloud Service Offerings (CSOs)
• Database of FedRAMP accredited auditors
• Maintained by the FedRAMP Program Management Office (PMO)
4. Who does FedRAMP apply to?
Any cloud services that hold federal data must be FedRAMP Authorized.
5. How hard is it to get FedRAMP certified?
How FedRAMP Authorization Works
There are two types of FedRAMP authorizations: a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) and an Agency Authority to Operate (ATO).
AGENCY AUTHORITY TO OPERATE (ATO)
• Issued by the agency only.
• Agencies have varying levels of risk acceptance.
• The agency monitors the CSP’s continuous monitoring activities.
• CSPs typically use a 3PAO, like ControlCase, to perform independent testing.
PROVISIONAL AUTHORITY TO OPERATE (P-ATO)
• Issued by the Joint Authorization Board.
• Prioritizes authorizing cloud services that will be widely used across government.
• The CIOs of DoD, DHS and GSA must agree that the CSP meets all controls and presents an acceptable risk posture for use across the federal government.
• Conveys a baseline level of likely acceptability for government-wide use.
• CSPs must use an accredited Third Party Assessment Organization (3PAO).
• The FedRAMP PMO manages continuous monitoring activities.
FedRAMP is based on the NIST 800-53 controls. Control domains include:
• Anti-Malware
• Configuration Management
• Incident Response
• Policies & Procedures
• Third-Party Management
• Application Security
• Data Encryption at Rest
• Logging & Monitoring
• Privacy
• Business Continuity Plan
• Governance & Compliance
• Logical Access
• Risk Assessment
• Change Management
• HR
• Physical Security
• Security Testing
6. How long does the FedRAMP process take?
FedRAMP Timeline
Step 1, DOCUMENT: SSP (NIST RMF steps 1, 2, 3)
Step 2, ASSESS: SAP / Testing (NIST RMF step 4)
Step 3, AUTHORIZE: SAR / POA&M (NIST RMF step 5)
Step 4, MONITOR: ConMon Reports (NIST RMF step 6)
Typical duration: JAB P-ATO 6+ months; Agency ATOs 3+ months.
7. How to get FedRAMP certified?
FedRAMP & NIST 800-53: the NIST RMF steps
1. CATEGORIZE THE INFORMATION SYSTEM: Low, Moderate or High impact
2. SELECT THE CONTROLS: FedRAMP Low, Moderate or High baseline
3. IMPLEMENT SECURITY CONTROLS: describe them in the SSP
4. ASSESS THE SECURITY CONTROLS: use of an independent assessor (3PAO)
5. AUTHORIZE THE INFORMATION SYSTEM: Provisional ATO / Agency ATO
6. MONITOR SECURITY CONTROLS: continuous monitoring
FedRAMP JAB P-ATO Process (Certification)
[Process diagram; the phases, durations and deliverables it shows:]
PHASE 1, READINESS ASSESSMENT & FedRAMP CONNECT (CSP dependent): deliverables are the Readiness Assessment Report and the FedRAMP Connect business case; outcome is FedRAMP Ready & prioritized for JAB.*
PHASE 2, FULL SECURITY ASSESSMENT (4+ months): SAP development, then the SSP, SAP, SAR and POA&M that form the Security Authorization Package.
PHASE 3, AUTHORIZATION PROCESS: Kick-off (~1 week), Review (~3 weeks), Remediation (~3 weeks), Final Review (~4 weeks); outcome is the ATO.
PHASE 4, CONTINUOUS MONITORING (ConMon): monthly continuous monitoring deliverables.
* A CSP must be prioritized by the JAB before entering the JAB P-ATO process. The CSP can obtain FedRAMP Ready status either before or after the JAB’s prioritization.
FedRAMP Agency ATO Process (Certification)
[Process diagram; the phases and steps it shows:]
PHASE 1, PARTNERSHIP ESTABLISHMENT: Kick-off; authorization planning; In Process designation; SSP development; agency review of SSP.
PHASE 2, FULL SECURITY ASSESSMENT: agency review of SAP; assessment; SAR / POA&M development; agency review of POA&M.*
PHASE 3, AUTHORIZATION PROCESS: SAR debrief; remediation (if needed); agency final review; Agency ATO; FedRAMP PMO review; FedRAMP Authorization.
PHASE 4, CONTINUOUS MONITORING (ConMon): ongoing, with remediation as needed.
* SAP & SAR are completed by the 3PAO.
FedRAMP Continuous Monitoring
ATO AUTHORIZATION PACKAGE
ONGOING (CSP operational visibility):
• Periodic assessment of controls
• Updated documentation
• Ongoing authorization decision
MONTHLY:
• Vulnerability scans (OS/WEB/DB)
• POA&M
• Deviation requests (OR/FP/RA)
ANNUAL:
• Annual assessment, partial control set (SAP/SAR/POA&M/updated docs)
8. ControlCase methodology for FedRAMP certification
ControlCase Methodology for FedRAMP Certification
As a 3PAO, ControlCase will independently verify and validate the control implementation and test results for your organization using a four-phase approach. Each phase has a specific set of tasks and deliverables required to guide you through the FedRAMP Joint Authorization Board (JAB) Provisional Authorization to Operate (P-ATO) process.
PHASE 1, READINESS ASSESSMENT: SSP / RAR
PHASE 2, FULL SECURITY ASSESSMENT: SAP / SAR / Testing
PHASE 3, AUTHORIZATION PROCESS: SSP / SAP / SAR / POA&M
PHASE 4, CONTINUOUS MONITORING: SAP / SAR
JAB P-ATO: 6+ months
Deliverables
• SAP: Security Assessment Plan
• SAR: Security Assessment Report
• SSP: System Security Plan
• RMF: Risk Management Framework
Mapping to the NIST RMF: DOCUMENT (SSP; RMF steps 1, 2, 3); ASSESS (SAP & Testing; RMF step 4); AUTHORIZE (SAR; RMF step 5); MONITOR (Continuous Monitoring; RMF step 6).
9. Why ControlCase?
One Audit™: Assess Once. Comply to Many.
Frameworks covered: PCI DSS; ISO 27001 & 27002; SOC 1, 2, 3 & SOC for Cybersecurity; FedRAMP; HIPAA; PCI P2PE; GDPR; NIST CSF; PCI PIN; PCI PA-DSS; CSA STAR; Microsoft SSPA
Areas of Focus for Continuous Compliance Management
CONTROLCASE SOLUTION
CONTINUOUS: An effective compliance program for cyber security must provide a stream of continuous, accurate information about posture.
INTEGRATED: The best compliance programs are integrated into the systems being measured, versus built as after-the-fact overlays.
AUTOMATED: Continuous compliance requires an automated platform that collects and processes data in as close to real time as can be achieved.
Summary – Why ControlCase
“They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.”
— Dir. of Compliance, SaaS company
THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM.
www.controlcase.com
(US) +1 703.483.6383 (INDIA) +91.22.62210800
contact@controlcase.com

Contenu connexe

Tendances

Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Kai Wähner
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey Gordeychik
Sergey Gordeychik
 

Tendances (20)

security onion
security onionsecurity onion
security onion
 
Big Data Pipelines and Machine Learning at Uber
Big Data Pipelines and Machine Learning at UberBig Data Pipelines and Machine Learning at Uber
Big Data Pipelines and Machine Learning at Uber
 
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
Apache Kafka in the Automotive Industry (Connected Vehicles, Manufacturing 4....
 
Penetration Testing SAP Systems
Penetration Testing SAP SystemsPenetration Testing SAP Systems
Penetration Testing SAP Systems
 
Multi-cloud strategies and services
Multi-cloud strategies and servicesMulti-cloud strategies and services
Multi-cloud strategies and services
 
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
 
Azure Migration Program Pitch Deck
Azure Migration Program Pitch DeckAzure Migration Program Pitch Deck
Azure Migration Program Pitch Deck
 
Strategies for Effective Hardware and Software Asset Management
Strategies for Effective Hardware and Software Asset ManagementStrategies for Effective Hardware and Software Asset Management
Strategies for Effective Hardware and Software Asset Management
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Empower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEMEmpower Your Security Practitioners with Elastic SIEM
Empower Your Security Practitioners with Elastic SIEM
 
Introduction to appDynamics
Introduction to appDynamics Introduction to appDynamics
Introduction to appDynamics
 
Cloud Services Corporate Presentation
Cloud Services Corporate PresentationCloud Services Corporate Presentation
Cloud Services Corporate Presentation
 
Soluciones Dynatrace
Soluciones DynatraceSoluciones Dynatrace
Soluciones Dynatrace
 
AWS Empowering Digital Marketing with the AWS Cloud
AWS Empowering Digital Marketing with the AWS Cloud AWS Empowering Digital Marketing with the AWS Cloud
AWS Empowering Digital Marketing with the AWS Cloud
 
Azure Key Vault, Azure Dev Ops and Azure Synapse - how these services work pe...
Azure Key Vault, Azure Dev Ops and Azure Synapse - how these services work pe...Azure Key Vault, Azure Dev Ops and Azure Synapse - how these services work pe...
Azure Key Vault, Azure Dev Ops and Azure Synapse - how these services work pe...
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey Gordeychik
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Azure ML Training - Deep Dive
Azure ML Training - Deep DiveAzure ML Training - Deep Dive
Azure ML Training - Deep Dive
 

Similaire à FedRAMP Certification & FedRAMP Marketplace

Amped for FedRAMP
Amped for FedRAMPAmped for FedRAMP
Amped for FedRAMP
Ray Potter
 
FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...
FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...
FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...
Amazon Web Services
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
FitCEO, Inc. (FCI)
 

Similaire à FedRAMP Certification & FedRAMP Marketplace (20)

Amped for FedRAMP
Amped for FedRAMPAmped for FedRAMP
Amped for FedRAMP
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinar
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIEC
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...
FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...
FedRAMP Accelerated: An Update with GSA & cloud.gov | AWS Public Sector Summi...
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
Embedding GAMP Compliance into Digital Health Software - The Case of SpiraPlan
Embedding GAMP Compliance into Digital Health Software - The Case of SpiraPlanEmbedding GAMP Compliance into Digital Health Software - The Case of SpiraPlan
Embedding GAMP Compliance into Digital Health Software - The Case of SpiraPlan
 
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in IndiaEnterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
 
How Verizon Uses Automation to Accelerate SAP Projects
How Verizon Uses Automation to Accelerate SAP ProjectsHow Verizon Uses Automation to Accelerate SAP Projects
How Verizon Uses Automation to Accelerate SAP Projects
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
 
FedRAMP Is Broken (And here's how to fix it)
FedRAMP Is Broken (And here's how to fix it)FedRAMP Is Broken (And here's how to fix it)
FedRAMP Is Broken (And here's how to fix it)
 
Adaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_studyAdaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_study
 
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES  ADAPTIVEGRC SUITE  TO MANAGE RISK & COMPLI...GLOBAL LIFE SCIENCES COMPANY USES  ADAPTIVEGRC SUITE  TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
 

Plus de ControlCase

Plus de ControlCase (20)

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish Kirtikar
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptx
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+  Cyber Insurance Fina.pptxWebinar-MSP+  Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdf
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptx
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST Certification
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust Principles
 

Dernier

Call Girls in Sarita Vihar Delhi Just Call 👉👉9873777170 Independent Female ...
Call Girls in  Sarita Vihar Delhi Just Call 👉👉9873777170  Independent Female ...Call Girls in  Sarita Vihar Delhi Just Call 👉👉9873777170  Independent Female ...
Call Girls in Sarita Vihar Delhi Just Call 👉👉9873777170 Independent Female ...
adilkhan87451
 
Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...
Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...
Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 

Dernier (20)

Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdf
 
celebrity 💋 Patna Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity 💋 Patna Escorts Just Dail 8250092165 service available anytime 24 hourcelebrity 💋 Patna Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity 💋 Patna Escorts Just Dail 8250092165 service available anytime 24 hour
 
celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hourcelebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour
celebrity 💋 Agra Escorts Just Dail 8250092165 service available anytime 24 hour
 
Call Girls in Sarita Vihar Delhi Just Call 👉👉9873777170 Independent Female ...
Call Girls in  Sarita Vihar Delhi Just Call 👉👉9873777170  Independent Female ...Call Girls in  Sarita Vihar Delhi Just Call 👉👉9873777170  Independent Female ...
Call Girls in Sarita Vihar Delhi Just Call 👉👉9873777170 Independent Female ...
 
2024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 312024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 31
 
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
Pimpri Chinchwad ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi R...Pimpri Chinchwad ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi R...
Pimpri Chinchwad ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi R...
 
A Press for the Planet: Journalism in the face of the Environmental Crisis
A Press for the Planet: Journalism in the face of the Environmental CrisisA Press for the Planet: Journalism in the face of the Environmental Crisis
A Press for the Planet: Journalism in the face of the Environmental Crisis
 
The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)
 
VIP Model Call Girls Lohegaon ( Pune ) Call ON 8005736733 Starting From 5K to...
VIP Model Call Girls Lohegaon ( Pune ) Call ON 8005736733 Starting From 5K to...VIP Model Call Girls Lohegaon ( Pune ) Call ON 8005736733 Starting From 5K to...
VIP Model Call Girls Lohegaon ( Pune ) Call ON 8005736733 Starting From 5K to...
 
VIP Model Call Girls Baramati ( Pune ) Call ON 8005736733 Starting From 5K to...
VIP Model Call Girls Baramati ( Pune ) Call ON 8005736733 Starting From 5K to...VIP Model Call Girls Baramati ( Pune ) Call ON 8005736733 Starting From 5K to...
VIP Model Call Girls Baramati ( Pune ) Call ON 8005736733 Starting From 5K to...
 
Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...
Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...
Russian🍌Dazzling Hottie Get☎️ 9053900678 ☎️call girl In Chandigarh By Chandig...
 
Financing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCCFinancing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCC
 
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Agra 7001035870 Whatsapp Number, 24/07 Booking
 
AHMR volume 10 number 1 January-April 2024
AHMR volume 10 number 1 January-April 2024AHMR volume 10 number 1 January-April 2024
AHMR volume 10 number 1 January-April 2024
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
 
An Atoll Futures Research Institute? Presentation for CANCC
An Atoll Futures Research Institute? Presentation for CANCCAn Atoll Futures Research Institute? Presentation for CANCC
An Atoll Futures Research Institute? Presentation for CANCC
 
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Chakan ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...Chakan ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...
Chakan ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586  Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586  Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
 

FedRAMP Certification & FedRAMP Marketplace

  • 1. WEBINAR: FedRAMP Certification & FedRAMP Marketplace. YOUR IT COMPLIANCE PARTNER – GO BEYOND THE CHECKLIST. (Links: Download FedRAMP Compliance Checklist; FedRAMP Certification Blog)
  • 2. AGENDA
    1. ControlCase Introduction
    2. What Is FedRAMP?
    3. What Is FedRAMP Marketplace?
    4. Who Does FedRAMP Apply To?
    5. How Hard Is It To Get FedRAMP Certified?
    6. How Long Does The FedRAMP Process Take?
    7. How To Get FedRAMP Certified?
    8. ControlCase Methodology For FedRAMP Compliance
    9. Why ControlCase
    © 2020 ControlCase. All Rights Reserved.
  • 3. Section 1: ControlCase Introduction
  • 4. ControlCase Snapshot: CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES. Go beyond the auditor’s checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance.
    • Demonstrate compliance more efficiently and cost effectively (cost certainty)
    • Improve efficiencies
      ⁃ Do more with fewer resources and gain compliance peace of mind
    • Free up your internal resources to focus on their priorities
    • Offload much of the compliance burden to a trusted compliance partner
    Key figures: 1,000+ 300+ 10,000+ (clients, IT security certifications, security experts)
  • 5. Solution: Certification and Continuous Compliance Services.
    “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” — Security and Compliance Manager, Data Center
  • 6. Certification Services: One Audit™. Assess Once. Comply to Many.
    “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” — Sr. Director, Information Risk & Compliance, Large Merchant
    Certifications covered: PCI DSS; ISO 27001 & 27002; SOC 1, 2, 3 & SOC for Cybersecurity; HITRUST CSF; HIPAA; PCI P2PE; GDPR; NIST CSF; Risk Assessment; PCI PIN; PCI PA-DSS; FedRAMP; PCI 3DS
  • 7. Section 2: What is FedRAMP?
  • 8. What is FedRAMP? FEDERAL RISK AND AUTHORIZATION MANAGEMENT PROGRAM (FedRAMP): FedRAMP prescribes the security requirements & processes cloud service providers must follow in order for the government to use their services.
    • Established in 2012 by the Office of Management and Budget (OMB). FedRAMP empowers government agencies to use modern cloud technologies, with emphasis on security and protection of federal information, and helps accelerate the adoption of secure cloud solutions.
    • Provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
    • Uses the NIST SP 800-53 standard as its security baseline.
    • Similar to FISMA, but for cloud security.
  • 9. FedRAMP Entities
    PROGRAM MANAGEMENT OFFICE (PMO)
    • Resides within GSA and supports agencies and cloud service providers through the FedRAMP authorization process.
    • Maintains a secure repository of FedRAMP authorizations to enable reuse of security packages.
    JOINT AUTHORIZATION BOARD (JAB)
    • Primary governance and decision-making body for FedRAMP.
    • Members include the chief information officers (CIOs) from the Department of Defense, Department of Homeland Security, and General Services Administration.
  • 10. FedRAMP Stakeholders
    FEDERAL AGENCIES
    • Contract with Cloud Service Provider
    • Leverage ATO or use FedRAMP process when authorizing
    • Implement consumer controls
    FedRAMP PMO & JAB
    • Establish processes and standards for security authorizations
    • Maintain secure repository of available security packages
    • Provisionally authorize systems that have the greatest ability to be leveraged government-wide
    CLOUD SERVICE PROVIDER
    • Implement and document security
    • Use independent Assessor
    • Monitor security
    • Provide artifacts
    3PAOs (Third Party Assessment Organizations)
    • Cloud auditor, maintains independence from CSP
    • Performs initial and periodic assessment of FedRAMP controls
    • Does NOT assist in creation of control documentation
  • 11. FedRAMP & NIST 800-53: FedRAMP USES NIST 800-53 CONTROLS
    • A standard published by the National Institute of Standards and Technology (NIST), which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security.
    • Used as the information security standard for both FISMA and FedRAMP.
  • 12. Section 3: What is FedRAMP Marketplace?
  • 13. FedRAMP MARKETPLACE
    • Database of Cloud Service Offerings (CSOs)
    • Database of FedRAMP Accredited auditors
    • Maintained by the FedRAMP Program Management Office (PMO)
  • 14. Section 4: Who does FedRAMP apply to?
  • 15. Who does FedRAMP apply to? Any cloud service that holds federal data must be FedRAMP Authorized.
  • 16. Section 5: How hard is it to get FedRAMP certified?
  • 17. How is FedRAMP certified? There are two types of FedRAMP authorizations: a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) and an Agency Authority to Operate (ATO).
    AGENCY AUTHORITY TO OPERATE (ATO)
    • Issued by the agency only.
    • Agencies have varying levels of risk acceptance.
    • Agency monitors the CSP’s continuous monitoring activities.
    • Typically use a 3PAO, like ControlCase, to perform independent testing.
    PROVISIONAL AUTHORITY TO OPERATE (P-ATO)
    • Issued by the Joint Authorization Board.
    • Prioritizes authorizing cloud services that will be widely used across government.
    • CIOs of DoD, DHS and GSA must agree that the CSP meets all controls and presents an acceptable risk posture for use across the federal government.
    • Conveys a baseline level of likely acceptability for government-wide use.
    • CSPs must use an accredited Third-Party Assessor Organization (3PAO).
    • FedRAMP PMO manages continuous monitoring activities.
  • 18. FedRAMP is based on the NIST 800-53 controls. Domains include: Anti-Malware; Configuration Management; Incident Response; Policies & Procedures; Third-Party Management; Application Security; Data Encryption at Rest; Logging & Monitoring; Privacy; Business Continuity Plan; Governance & Compliance; Logical Access; Risk Assessment; Change Management; HR; Physical Security; Security Testing.
  • 19. Section 6: How long does the FedRAMP process take?
  • 20. FedRAMP Timeline
    1. DOCUMENT: SSP (NIST RMF steps 1, 2, 3)
    2. ASSESS: SAP / Testing (NIST RMF step 4)
    3. AUTHORIZE: SAR / POA&M (NIST RMF step 5)
    4. MONITOR: ConMon reports (NIST RMF step 6)
    Typical duration: JAB P-ATO 6+ months; Agency ATOs 3+ months.
  • 21. Section 7: How to get FedRAMP certified?
  • 22. FedRAMP & NIST 800-53 (NIST RMF)
    1. CATEGORIZE THE INFORMATION SYSTEM: Low, Moderate, High Impact
    2. SELECT THE CONTROLS: FedRAMP Low, Moderate, High Baseline
    3. IMPLEMENT SECURITY CONTROLS: Describe in SSP
    4. ASSESS THE SECURITY CONTROLS: Use of an Independent Assessor (3PAO)
    5. AUTHORIZE INFORMATION SYSTEM: Provisional ATO / Agency ATO
    6. MONITOR SECURITY CONTROLS: Continuous Monitoring
  • 23. FedRAMP JAB P-ATO Process (Certification)
    PHASE 1: READINESS ASSESSMENT & FedRAMP CONNECT (CSP dependent). Deliverables: Readiness Assessment Report; FedRAMP Connect Business Case. Outcome: FedRAMP Ready & Prioritized for JAB ATO.
    PHASE 2: FULL SECURITY ASSESSMENT (4+ months). Deliverable: Security Authorization Package (SSP, SAP, SAR, POA&M).
    PHASE 3: AUTHORIZATION PROCESS: Kick-Off (~1 week); Review (~3 weeks); Remediation (~3 weeks); Final Review (~4 weeks).
    PHASE 4: CON MON: Continuous Monitoring.
    * A CSP must be prioritized by the JAB before entering the JAB P-ATO process. The CSP can obtain FedRAMP Ready status either before or after the JAB’s prioritization.
  • 24. FedRAMP Agency ATO Process (Certification)
    PHASE 1: PARTNERSHIP ESTABLISHMENT: Kick-Off; Authorization Planning; In Process Designation; SSP Development; Agency Review of SSP.
    PHASE 2: FULL SECURITY ASSESSMENT: SAP Development; Agency Review of SAP; Assessment; SAR; POA&M Development; Agency Review of POA&M. (* SAP & SAR are completed by the 3PAO.)
    PHASE 3: AUTHORIZATION PROCESS: SAR Debrief; Remediation; Agency Final Review; Agency ATO; FedRAMP PMO Review; Remediation (if needed); FedRAMP Authorization.
    PHASE 4: CON MON: Monthly Continuous Monitoring Deliverables; Continuous Monitoring.
  • 25. FedRAMP Continuous Monitoring (ATO Authorization Package; CSP Operational Visibility)
    MONTHLY: Vulnerability Scans (OS/WEB/DB); POA&M; Deviation Requests (OR/FP/RA)
    ANNUAL: Annual Assessment – Partial control set (SAP/SAR/POA&M/Updated docs)
    ONGOING: Periodic assessment of controls; Updated documentation; Ongoing authorization decision
  • 26. Section 8: ControlCase methodology for FedRAMP certification
  • 27. ControlCase Methodology for FedRAMP Certification: As a 3PAO, ControlCase will independently verify and validate the control implementation and test results for your organization using a four-phase approach. Each phase has a specific set of tasks and deliverables required to guide you through the FedRAMP Joint Authorization Board (JAB) Provisional Authorization to Operate (P-ATO) process.
    PHASE 1: READINESS ASSESSMENT (SSP / RAR)
    PHASE 2: FULL SECURITY ASSESSMENT (SAP / SAR / Testing)
    PHASE 3: AUTHORIZATION PROCESS (SSP / SAP / SAR / POA&M)
    PHASE 4: CONTINUOUS MONITORING (SAP / SAR)
    JAB P-ATO: 6+ months
  • 28. Deliverables
    • SAP - Security Assessment Plan
    • SAR - Security Assessment Report
    • SSP - System Security Plan
    • RMF - Risk Management Framework
    NIST RMF mapping: DOCUMENT (SSP; RMF 1, 2, 3); ASSESS (SAP & Testing; RMF 4); AUTHORIZE (SAR; RMF 5); MONITOR (Continuous Monitoring; RMF 6)
  • 29. Section 9: Why ControlCase?
  • 30. One Audit™: Assess Once. Comply to Many. PCI DSS; ISO 27001 & 27002; SOC 1, 2, 3 & SOC for Cybersecurity; FedRAMP; HIPAA; PCI P2PE; GDPR; NIST CSF; PCI PIN; PCI PA-DSS; CSA STAR; Microsoft SSPA
  • 31. Areas of Focus for Continuous Compliance Management (CONTROLCASE SOLUTION)
    • CONTINUOUS: An effective compliance program for cyber security must provide a stream of continuous, accurate information about posture.
    • INTEGRATED: The best compliance programs are integrated into the systems being measured, versus built as after-the-fact overlays.
    • AUTOMATED: Continuous compliance requires an automated platform that collects and processes data in as close to real time as can be achieved.
  • 32. Summary – Why ControlCase
    “They provide excellent service, expertise and technology. And the visibility into my compliance throughout the year and during the audit process provides a lot of value to us.” — Dir. of Compliance, SaaS company
  • 33. THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM. www.controlcase.com | (US) +1 703.483.6383 | (INDIA) +91.22.62210800 | contact@controlcase.com | Download FedRAMP Compliance Checklist | FedRAMP Certification Blog