|
|
Sponsored Content
Special Forums
Cybersecurity
IT Security RSS
Exploring the FedRAMP Cloud Computing Security Requirements Baseline
Post 302478730 by Linux Bot on Wednesday 8th of December 2010 06:30:03 PM
12-08-2010
Exploring the FedRAMP Cloud Computing Security Requirements Baseline
The FedRAMP Security Requirements "describes the U.S. Government's proposed Assessment and Authorization (A&A) for U.S. Government Cloud Computing." In chapter 1, the FedRAMP PMO defined the proposed requirements (security controls) for a Low- and Moderate-Impact Cloud Computing environment (although not specifically characterizing any specific applicability to the Cloud Delivery or Service Model). In addition, the FedRAMP (DRAFT) publication draws on the existing NIST standards and guidelines to support the authroization of Cloud Services for the Federal Government. However, the FedRAMP publication limits the scope and tailoring of the control requirements to specifying the control parameters [refer to Section 3.3 within NIST SP 800-53, Rev. 3] and adding some additional Control Requirements and Supplemental Guidance to that which already exists within the Security Control Catalog (refer to NIST SP 800-53, Rev 3 - Appendix F).
In the past, NIST has supplemented NIST SP 800-53 to address "information system that differ significantly from traditional administrative, mission support, and scientific data processing information systems." (Refer to NIST SP 800-53 - Appendix I which establish a security control baseline specific to Industrial Control Systems). Although, Cloud Computing is not a new technology, it is a unique capability with unique security challenges.
The FedRAMP Cloud Computing Security Requirements Baseline section within FedRAMP.net (http://www.fedramp.net/Cloud+Computi...ments+Baseline) will focus on exploring the selected security control baseline as part of the "Proposed Security Assessment & Authorization for U.S. Government Cloud Computing (DRAFT)" to:
If you are interested in contributing your input, register at FedRAMP.net.
More...
In the past, NIST has supplemented NIST SP 800-53 to address "information system that differ significantly from traditional administrative, mission support, and scientific data processing information systems." (Refer to NIST SP 800-53 - Appendix I which establish a security control baseline specific to Industrial Control Systems). Although, Cloud Computing is not a new technology, it is a unique capability with unique security challenges.
The FedRAMP Cloud Computing Security Requirements Baseline section within FedRAMP.net (http://www.fedramp.net/Cloud+Computi...ments+Baseline) will focus on exploring the selected security control baseline as part of the "Proposed Security Assessment & Authorization for U.S. Government Cloud Computing (DRAFT)" to:
- Ensure coverage and applicability within Cloud Computing operating environments and within NIST SP 800-53, Rev. 3;
- Identify and address Cloud-specific security considerations relevant to the objectives of each security control; and
- List relevant references to support implementation and assessment
More...
|
|
4 More Discussions You Might Find Interesting
1. Virtualization and Cloud Computing
Tim Bass
Thu, 15 Nov 2007 23:55:07 +0000
*I predict we may experience less*debates*on the use of the term “event cloud”*related to*CEP in the future, now that both IBM and Google* have made announcements about “cloud computing” and “computing cloud”, IBM Turning Data Centers Into ‘Computing... (0 Replies)
Discussion started by: Linux Bot
0 Replies
2. Virtualization and Cloud Computing
by Eric Knorr, InfoWorld.comSo many vendors have jumped on the cloud computing bandwagon, the phrase already risks jumping the shark. The problem is that “cloud computing” has two distinctly different meanings: The use of commercial Internet-based services, and the architecture for building and... (0 Replies)
Discussion started by: Linux Bot
0 Replies
3. HP-UX
I work for a British based company.
We are looking for a cloud computing provider enabling us to use
HP on Itanium and HP hardware.
anyone know of any?
cheers. (0 Replies)
Discussion started by: bigearsbilly
0 Replies
4. Virtualization and Cloud Computing
Hi,
I am working as Linux system administrator now I want to learn cloud computing too. I tried Googling but couldn't find appropriate information so thought to ask people here.
Can somebody suggest me correct path along with tutorials/PDF/HTMLs?
Really appreciate your help.
thx
Pras (1 Reply)
Discussion started by: prashant2507198
1 Replies
LEARN ABOUT CENTOS
secmod.db
SECMOD.DB(5) Network Security Services SECMOD.DB(5) NAME
secmod.db - Legacy NSS security modules database DESCRIPTION
secmod.db is an NSS security modules database. The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface. The command line utility modutil is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens. For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases. FILES
/etc/pki/nssdb/secmod.db SEE ALSO
modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5) AUTHORS
The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. Authors: Elio Maldonado <emaldona@redhat.com>. LICENSE
Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. nss 3.15.4 17 June 2014 SECMOD.DB(5)