First floated as an idea in 2010, the Federal Risk and Authorization Management Program was officially launched in 2012 as a government-wide program to secure cloud products and services. A recent audit by the General Accountability Office showed that more than 900 government cloud projects have been authorized by FedRAMP, but hundreds more continue to operate without authorizations, which presents a kaleidoscope of security challenges to the agencies.
This summit will examine the new policy developments, the challenges agencies still face in reusing authorizations, and efforts to pass legislation to put FedRAMP requirements into statute. It will also look at constantly evolving security landscape, the variety of cloud deployment models and the challenges agencies face to secure them.
Topics to be discussed will include:
- New Trusted Internet Connection guidance and how that affects FedRAMP
- How “Software-as-a-Service” authorizations change the process
- Ensuring multi-factor authentication and digital identity requirements
- The effect of new encryption requirements
- How to stretch limited agency funding resources
- Moves to automate the authorization process
- How to use the security assessment framework
Note: Due to the COVID-19 concerns and current restrictions on large public gatherings, this Summit is being planned as an exclusively online event. Should the public health environment change, an in-person component may be reinstated at a later date. Please check back here for updates.