FCW : March 15, 2016
FedRAMP and CDM: A dual path to security in the cloud

announced its intention to begin conducting CDM in the cloud to cut down on or eliminate the on-premises duplication across those smaller entities.

FedRAMP’s higher baseline is significant to the CDM program as it evolves to the cloud because it would protect sensitive threat and vulnerability data with cloud-based CDM tools. DHS categorizes that data — which is collected from agency sensors and systems and normalized and monitored in the cloud — at the high impact level, so it requires stringent safeguards.

The initial cloud-based CDM would deliver Phase 1 capabilities and parts of Phase 2, giving smaller agencies the ability to better manage their access controls, security-related behaviors, credentials and authentication, and privileged users. That is a key development because the lack of privileged-user management and infrastructure integrity has led to some of the most damaging government breaches.

CSP safeguards

On the other side of the coin, what about the robustness of the CSPs that deliver and host those solutions? They must be as secure as government agencies, if not more so. That’s why FedRAMP recently issued more rigorous guidance and penetration testing of CSPs before they’re granted an authority to operate.

FedRAMP’s third-party assessment organizations (3PAOs) are now testing and assessing the ability of CSPs to withstand phishing, social engineering, and other means of gaining unauthorized access and elevated privileges. That level of testing for CSPs is more stringent than the government typically conducts itself. (Disclosure: My employer, Kratos SecureInfo, is a FedRAMP 3PAO that

Once agencies know that CDM-related systems can operate securely in the cloud, they’ll have proof that cloud-based security is not only achievable and reliable, but also desirable.