Speaker(s): snangle
The Federal Risk and Authorization Management Program (FedRAMP) was introduced by the United States government in 2011. The program was developed in order to address the lack of a standardized method for evaluating and monitoring the risk and security of providers of cloud-based services to Federal agencies. Cloud Service Providers (CSPs) are now required to be authorized under the FedRAMP program in order to provide cloud-based offerings to the Federal government.
In this session, attendees will be provided with an introduction to the FedRAMP authorization process - both in terms of the general requirements for compliance and successful authorization, and in terms of identifying organizations that are best suited to pursue FedRAMP authorization. Attendees will leave the session with strategies to make the FedRAMP authorization process as painless as possible.
In 2014, the speaker's employer began the FedRAMP authorization process, and brought the speaker on board in to lead this process. FedRAMP authorization was successfully completed less than 12 months, and the organization is currently the in continuous monitoring phase, with the first year's re-assessment recently completed. This talk will use a case study approach in order to illustrate portions of the FedRAMP process that worked well, as well as challenges and lessons learned by the speaker's organization.
After completing this session, attendees will be able to
- Determine if FedRAMP authorization is appropriate for their organization
- Determine high level strategies for their organization's FedRAMP authorization process
- Prepare for the documentation process for a FedRAMP assessment
- Prepare for continuous monitoring following a FedRAMP authorization