
Analyzing Weak Areas of the Federal Cloud Security Program - Vinny Troia Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Analyzing Weak Areas of the Federal Cloud Security Program
Vinny Troia
Derbycon 2014

As businesses continue to move their infrastructure to the cloud, FedRAMP has become the standard compliance program by which companies measure the security of their cloud provider. FedRAMP, the Federal Risk and Authorization Management Program, is a derivative of FISMA, and based on a slimmed-down version of the NIST 800-53 (rev3) controls. FedRAMP is becoming the growing standard among large enterprises moving to the cloud because of the stringent security control requirements and ongoing Continuous Monitoring required to maintain accreditation on a monthly basis. This presentation will discuss the monthly, quarterly, and annual Continuous Monitoring requirements, my personal pain points in having successfully gone through the process, a discussion of the program's pitfalls and shortcomings, and what areas penetration testers and organizations need to look out for.


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast