Example Track 1

The Pentagon, the Cloud and Security

Nov 19, 2019

10:15 AM - 10:35 AM

Kevin M. Dulany

Deputy Director, CS Policy and Partnerships

Department of Defense

Since its inception in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has sought to improve the process for certifying the security of cloud products and services used by federal agencies. Making the FedRAMP program easier, increasing speed to authorization and reducing the cost of compliance are long-standing goals. The quest continued with this summer’s Ideation Challenge, described by GSA as an initiative to crowdsource “any idea that could improve and benefit the authorization process.”

This session will cover:

-- FedRAMP history and lessons learned
-- Leveraging Joint Authorization Board (JAB) Provisional Authorizations
-- How JAB authorizations differ from Agency Authorities to Operate (ATOs)
-- Differences between FedRAMP and DoD cloud security requirements
-- Continuous Monitoring and the outlook for security automation