Introductory episode to The Dude Says, where I share my background and what I’m working on. GIAC GCCC #242
Tag: NIST
CSIP Looks Good
After reading through the CyberSecurity Strategy and Implementation Plan (CSIP) I was impressed with its scope and relatively clear terminology, acronyms notwithstanding, and how it outlined federal strategy. I expect the timelines to be challenging, though. Working in a multi-national, Fortune 500 company, I know that if you don’t already have some information collected and… Continue reading CSIP Looks Good
Cloud First & Federal Controls – discussion from Federal News Radio
Federal News Radio Alex Grohmann of Morgan Franklin and John Dyson of Deloitte for a discussion of the controls imposed on the federal Cloud First initiative by NIST 800-53 and FedRAMP. No joke, it can be a grind to listen to even though the participants have fun. I found some real meat around minute… Continue reading Cloud First & Federal Controls – discussion from Federal News Radio
Cloud First, US Gov Style (FedRAMP)
“Cloud first” is an approach I’ve heard articulated as a means to delivering on business objectives. The policy I’ve heard has referenced if not been predicated on the fact that the US government is implementing this policy in their federal agencies. My first thought: how is the government accomplishing such a presumably agile, flexible and… Continue reading Cloud First, US Gov Style (FedRAMP)