From: GCN
By (ISC)2 Government Advisory Board Executive Writers Bureau
Agencies are headed to the cloud, but security and ensuring that the requirements of the Continuous Diagnostics and Mitigation (CDM) program can be met are challenging areas that can slow down cloud adoption.
Since agencies are required to look to the cloud first for services, why not seek out cloud CDM providers?
In fact, agencies are considering the use of cloud CDM providers, but they must first determine the types of assurances they need to guarantee that the CDM provider does not breach vulnerability information. So, what are the options, and do CDM services exist that are available for agencies to try at little or no cost?
Cloud providers in general are required to provide evidence of their compliance with the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology regulations, as well as the supplementary security and privacy controls through the Federal Risk and Authorization Management Program (FedRAMP). As part of this process, the cloud provider is expected to have features consistent with the continuous monitoring capabilities described in the FedRAMP controls and compatible with the purchasing agency’s CDM program.