Posted by SecurityArchitecture on Tuesday, January 3, 2023
It’s not entirely clear if simply codifying FedRAMP will have a noticeable impact on the program or the way it operates, but nothing in the law suggests any effort to strengthen federal cloud security requirements.
Posted by SecurityArchitecture on Friday, July 8, 2016
Adoption of cloud computing services under FedRAMP has been hampered by many federal agencies’ unwillingness to accept FedRAMP authorization as sufficient or to accept ATOs granted by other agencies.
Posted by SecurityArchitecture on Sunday, May 22, 2016
More troubling than the poor incident response (including reporting) at FDIC is the apparently complete inability of the agency to prevent large-scale data exfiltration.
Posted by SecurityArchitecture on Tuesday, January 6, 2015
The Federal Information Security Modernization Act of 2014 introduces a new term to the federal security management lexicon: binding operational directive. The text of the law defines binding operational directive as “a compulsory direction to an…
Posted by SecurityArchitecture on Tuesday, December 30, 2014
For the most part, the 2014 update to FISMA introduces little new to federal security management, but instead codifies roles, responsibilities, requirements, and practices already put in place through OMB memoranda and other official guidance to agencies.
Posted by SecurityArchitecture on Friday, December 26, 2014
On December 12, the National Institute of Standards and Technology (NIST) Computer Security Division announced the final release of Special Publication 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations. This…
Posted by SecurityArchitecture on Friday, December 19, 2014
In December, Congress passed, and the president signed into law, the Federal Information Security Modernization Act of 2014, which provides the first comprehensive update to federal security legislation since 2002.