by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 15, 2014
obtain a waiver from DOD’s CIO. Part of the ECSB security assessment process involves tapping the provisional authorization and authority-to-operate packages in FedRAMP’s secure reposi- tory, including all supporting documen- tation. Once a CSP passes the ECSB security assessment and receives a DISA provisional authorization, its prod- uct or service is eligible for use by DOD cloud customers. CNSS has worked with represen- tatives from the civilian, defense and intelligence communities to produce a unified information security frame- work and to ensure that NIST SP 800- 53 contains security controls that meet the requirements of national security systems. Those FedRAMP-plus con- trols include additional requirements for defense systems. CSPs must implement and document the additional controls and enhance- ments for assessment by DISA when applying for provisional authorization. As part of a CSP’s continuous monitor- ing program, the company and its third- party assessment organization must provide evidence of implementation of the additional controls. The ECSB will use that information, in combina- tion with all the information provided to the FedRAMP information system security officer, to recommend that suc- cessful companies be reauthorized as provisional DOD CSPs. In November 2013, Autonomic Resources announced that DOD had issued a provisional authorization for the company’s Autonomic Resources Cloud Platform infrastructure-as-a- service offering, making it the first cloud provider offered for DOD-wide acceptance in the ECSB catalog. Nota- bly, ARC-P was also the first CSP to obtain FedRAMP provisional authori- zation, at the end of 2012. After ARC-P achieved FedRAMP authorization, it was assessed using the DOD Cloud Security Model, which takes into account an additional 23 con- trols and enhancements. According to Autonomic, ARC-P is now authorized at DOD Impact Levels 1 and 2, meaning it is approved for unclassified public and unclassified private information. Two other firms — CGI Federal and Amazon Web Services — followed soon after, and Takai told Congress in March that nine companies are in the pipeline to provide services to DOD. With a process to authorize systems for DOD use, FedRAMP is now not only the pathway for CSPs to certify their services for civilian agencies but also a major component of DOD’s authoriza- tion process. ■ Christina McGhee is the FedRAMP technical lead at BrightLine, a FedRAMP-accredited third-party assessment organization. ONLINE REPORT SPONSORED BY: Iron Bow Technologies TOPICS INCLUDE: Special Report NETCENTS-2: THE IT KEY TO THE AIR FORCE’S NET-CENTRIC MISSION NETCENTS EVOLVES AS REQUIREMENTS EVOLVE AIR FORCE LEVERAGES THE POWER OF MANDATORY USE POLICY AIR FORCE CREATES NEW OPENINGS FOR SMALL BUSINESSES PRODUCT BUYING CRITERIA: NOT A SIMPLE MATTER TO LEARN MORE, VISIT: FCW.COM/2014NETCENTS2 32 May 15, 2014 FCW.COM DrillDown
April 30, 2014
May 30, 2014