Wednesday, 6 July 2016

An Actionable Guide to Getting FedRAMP Certified

A woman-owned small business takes us inside the FedRAMP process and provides tips for navigating the road to certification.
 
Achieving a Federal Risk and Authorization Management Program (FedRAMP) certification can be a daunting and expensive task. The recently proposed modifications to the process would potentially trim the overall approval time to six months, which means that demonstrating mature security practices and documentation readiness is more important than ever.
With the government IT landscape moving rapidly toward cloud adoption, it's very likely that FedRAMP will become a must-have certification for all solutions providers in government.
Often, organizations find that getting started and setting the right expectations with government customers and internal stakeholders are the most challenging parts of the process. Since cloud solutions vary greatly in architecture and system boundaries, there is no one-size-fits-all recipe for success. However, learning the following lessons can help cloud solution providers (CSPs) take the right initial steps to effectively navigate the evaluation.

Submit to a Robust Readiness Audit

When undergoing the FedRAMP process, preparation is key, and a readiness audit by a third-party assessment organization (3PAO) can be invaluable in identifying gaps and areas for improvement. Technical leaders need to define the roles and responsibilities of each person within their organization, clearly outline system boundaries and determine what services are “out of system bounds.”
Organizations should not modify the core FedRAMP templates. Changing the templates would likely cause significant delays in the security evaluation, because automated processes ingest the FedRAMP documents. If a CSP modifies the templates, the FedRAMP automation routines fail, which means that the reviewers need to map the content back to the original templates in a piecemeal fashion.

Use Best Practices Around Multi-factor Authentication and System Boundaries

To ensure the FedRAMP accreditation goes as smoothly as possible, all internal and external authentication processes should use multi-factor authentication. Many government agencies are looking to implement stronger identity and access management practices, so multi-factor authentication is becoming a matter of basic hygiene.
To further accelerate the process, companies should also construct a system boundary around only their most popular offerings rather than around the entire technical stack.

Bring Together a Cross-Functional Team to Develop Your Package

It is critical to engage with industry experts and partners, such as a 3PAO auditor, with proven experience to minimize unknown risk and accelerate the compliance timeline. Identifying organizational knowledge gaps early will allow the company to execute a focused optimization of internal and consulting resources. For example, since FedRAMP has prescriptive documentation requirements, CSPs may need to find technical writers who are experienced in properly articulating security controls and risk-mitigation processes. The documentation component of securing accreditation is not trivial, and it’s important to address it properly to avoid delays.
The comprehensive standards, policies and processes required by FedRAMP can be overwhelming. Educating the entire leadership team about the program and the high baseline requirements is key for marshaling the right resources to successfully navigate the accreditation. Last but not least, it’s important to take advantage of publicly available FedRAMP tools, tips, and recommendations. The program officials are actively promoting industry best practices and disseminating recipes for success that shed light on the direct and indirect requirements.
NetComm is the first women-owned small business to achieve FedRAMP compliance in 2016, for its Beacon SaaS, which has an agency authorization through the National Institutes of Health.