Federal Cloud Computing

Book Description

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.

You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.



  • Provides a common understanding of the federal requirements as they apply to cloud computing
  • Provides a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
  • Provides both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speak across the organization

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication 1
  6. Dedication 2
  7. About the Author
  8. About the Technical Editor
  9. Foreword by William Corrington
  10. Foreword by Jim Reavis
  11. Chapter 1. Introduction to the Federal Cloud Computing Strategy
    1. Introduction
    2. A Historical View of Federal IT
    3. Cloud Computing: Drivers in Federal IT Transformation
    4. Decision Framework for Cloud Migration
    5. Summary
    6. References
  12. Chapter 2. Cloud Computing Standards
    1. Introduction
    2. Standards Development Primer
    3. Cloud Computing Standardization Drivers
    4. Identifying Standards for Federal Cloud Computing Adoption
    5. Summary
    6. References
  13. Chapter 3. A Case for Open Source
    1. Introduction
    2. Open Source and the Federal Government
    3. OSS Adoption Challenges: Acquisition and Security
    4. OSS and Federal Cloud Computing
    5. Summary
    6. References
  14. Chapter 4. Security and Privacy in Public Cloud Computing
    1. Introduction
    2. Security and Privacy in the Context of the Public Cloud
    3. Federal Privacy Laws and Policies
    4. Safeguarding Privacy Information
    5. Security and Privacy Issues
    6. Summary
    7. References
  15. Chapter 5. Applying the NIST Risk Management Framework
    1. Introduction to FISMA
    2. Risk Management Framework Overview
    3. NIST RMF Process
    4. Summary
    5. References
  16. Chapter 6. Risk Management
    1. Introduction to Risk Management
    2. Federal Information Security Risk Management Practices
    3. Overview of Enterprise-Wide Risk Management
    4. NIST Risk Management Process
    5. Comparing the NIST and ISO/IEC Risk Management Processes
    6. Summary
    7. References
  17. Chapter 7. Comparison of Federal and International Security Certification Standards
    1. Introduction
    2. Overview of Certification and Accreditation
    3. NIST and ISO/IEC Information Security Standards
    4. Summary
    5. References
  18. Chapter 8. FedRAMP Primer
    1. Introduction to FedRAMP
    2. FedRAMP Policy Memo
    3. FedRAMP Concept of Operations
    4. Third Party Assessment Organization Program
    5. Summary
    6. References
  19. Chapter 9. The FedRAMP Cloud Computing Security Requirements
    1. Security Control Selection Process
    2. FedRAMP Cloud Computing Security Requirements
    3. Summary
    4. References
  20. Chapter 10. Security Assessment and Authorization: Governance, Preparation, and Execution
    1. Introduction to the Security Assessment Process
    2. Governance in the Security Assessment
    3. Preparing for the Security Assessment
    4. Executing the Security Assessment Plan
    5. Summary
    6. References
  21. Chapter 11. Strategies for Continuous Monitoring
    1. Introduction to Continuous Monitoring
    2. The Continuous Monitoring Process
    3. Continuous Monitoring within FedRAMP
    4. Summary
    5. References
  22. Chapter 12. Cost-Effective Compliance Using Security Automation
    1. Introduction
    2. CM Reference Architectures
    3. Security Automation Standards and Specifications
    4. Operational Visibility and Continuous Monitoring
    5. Summary
    6. References
  23. Chapter 13. A Case Study for Cloud Service Providers
    1. Case Study Scenario: “Healthcare Exchange”
    2. Applying the Risk Management Framework within FedRAMP
    3. References
  24. Index