FedRAMP Releases Updated Security Assessment Plan Templates


Last week the GSA FedRAMP Program Office released the latest version of the cloud computing Security Assessment Plan (SAR) template.  This document is the most recent step toward the Federal governments goal of establishing FedRAMP initial operating Capability by June 2012.

The Federal Risk Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Cloud Service Providers (CSP). Testing security controls is an integral part of the FedRAMP security authorization requirements and enables Federal Agencies to use the findings that result from the tests to make risk-based decisions. Providing a plan for security control ensures that the process runs smoothly. This document has been designed for CSP Third-Party Independent Assessors (3PAOs) to use for planning security testing of CSPs. Once filled out, this document constitutes a plan for testing. Actual findings from the tests are to be recorded in FedRAMP security test procedure workbooks and a Security Assessment Report (SAR).

This release also includes templates for:


Bookmark and Share
Cloud Musings on Forbes
( Thank you. If you enjoyed this article, get free updates by email or RSS - KLJ )

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

Hacking Into The Indian Education System Reveals Score Tampering

Image
Debarghya Das has a fascinating story on how he managed to bypass a silly web security layer to get access to the results of 150,000 ISCE (10th grade) and 65,000 ISC (12th grade) students in India. While lack of security and total ignorance to safeguard sensitive information is an interesting topic what is more fascinating about this episode is the analysis of the results that unearthed score tampering. The school boards changed the scores of the students to give them "grace" points to bump them up to the passing level. The boards also seem to have tampered some other scores but the motive for that tampering remains unclear (at least to me). I would encourage you to read the entire analysis and the comments , but a tl;dr version is: 32, 33 and 34 were visibly absent. This chain of 3 consecutive numbers is the longest chain of absent numbers. Coincidentally, 35 happens to be the pass mark. Here's a complete list of unattained marks - 36, 37, 39, 41, 43, 45, 47, 49, 51, 53,
Lire la suite

DHS EAGLE & First Source Digital Guide Launched

Image
The Enterprise Acquisition Gateway for Leading Edge Solutions (EAGLE) is a multiple-award indefinite delivery/indefinite quantity (IDIQ) contract vehicle, specifically designed as the preferred source of information technology (IT) services for the majority of the Department of Homeland Security (DHS) enterprise infrastructure and initiatives. According to Soraya Correa, Director of the DHS Office of Procurement Operations (OPO), the success of EAGLE has led to plans for EAGLE II. Designed as a companion contract to EAGLE, FirstSource provides DHS with access to contractor's commercial catalogs which offer a full array of IT commodity products available in the commercial marketplace from multiple original equipment manufacturers, producers, and suppliers. It is built on the same strategy as EAGLE and lets DHS components place their own orders through a centralized ordering vehicle, accessible to senior leadership, where they can find data or information related to their IT needs. S
Lire la suite

Access the Webcams online using google dorks .

Axis: inurl:"view/indexFrame.shtml" inurl:"view/index.shtml" intitle:"Live View / - AXIS" intitle:axis camera intitle:"axis #Kameramodell#" Canon: inurl:sample/LvAppl/ JVC: intitle:"V.Networks [Motion Picture(Java)" EvoCam intitle:"EvoCam" inurl:"webcam.html" WebcamXP: intitle:"my webcamXP server!" MOBOTIX: inurl:/control/userimage.html Panasonic: inurl:/ViewerFrame?Mode=Motion FlexWatch: inurl:toolam.html inurl:viewash.html Toshiba: intitle:"TOSHIBA Network Camera - User Login" Sony: inurl:/home/homeJ.html And Some Others inurl:/view.shtml intitle:”Live View / - AXIS” | inurl:view/view.shtml^ inurl:ViewerFrame?Mode= inurl:ViewerFrame?Mode=Refresh inurl:axis-cgi/jpg inurl:axis-cgi/mjpg (motion-JPEG) inurl:view/indexFrame.shtml inurl:view/index.shtml inurl:view/view.shtml liveapplet intitle:”live view” intitle:axis intitle:liveapplet allintitle:”Network Camera NetworkCamera” intitle:axis intitle:”v
Lire la suite