It’s not entirely clear if simply codifying FedRAMP will have a noticeable impact on the program or the way it operates, but nothing in the law suggests any effort to strengthen federal cloud security requirements.
Adoption of cloud computing services under FedRAMP has been hampered by many federal agencies’ unwillingness to accept FedRAMP authorization as sufficient or to accept ATOs granted by other agencies.
More troubling than the poor incident response (including reporting) at FDIC is the apparently complete inability of the agency to prevent large-scale data exfiltration.
The Federal Information Security Modernization Act of 2014 introduces a new term to the federal security management lexicon: binding operational directive. The text of the law defines binding operational directive as “a compulsory direction to an…
For the most part, the 2014 update to FISMA introduces little new to federal security management, but instead codifies roles, responsibilities, requirements, and practices already put in place through OMB memoranda and other official guidance to agencies.
On December 12, the National Institute of Standards and Technology (NIST) Computer Security Division announced the final release of Special Publication 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations. This…
In December Congress passed, and the president signed into law the Federal Information Security Modernization Act of 2014, which provides the first comprehensive update to federal security legislation since 2002.
CSO Online Headlines Dark Reading
SecurityArchitecture.com