Analyzing Weak Areas of the Federal Cloud Security Program

DerbyCon 4.0 - Family Rootz

Presented by: Vinny Troia
Date: Sunday September 28, 2014
Time: 09:00 - 09:50
Location: Track 3

As businesses continue to move their infrastructure to the cloud, FedRAMP has become the standard compliance program by which companies measure the security of their cloud provider. FedRAMP, the Federal Risk and Authorization Management Program, is a derivative of FISMA and is based on a slimmed-down version of the NIST 800-53 (rev3) controls. FedRAMP is becoming the standard among large enterprises moving to the cloud because of its stringent security control requirements and the ongoing Continuous Monitoring required to maintain accreditation on a monthly basis.

This presentation will discuss the monthly, quarterly, and annual Continuous Monitoring requirements; my personal pain points in having successfully gone through the process; a discussion of the program's pitfalls and shortcomings; and what areas penetration testers and organizations need to look out for.

Vinny Troia
