3 pages/≈825 words
2 Sources
IT & Computer Science
Term Paper
English (U.S.)
MS Word

Federal Risk and Authorisation Management Program (FedRAMP) Policies and Procedures (Term Paper Sample)

Explain in 1 page the purpose of the following four general types of policies and procedures set forth in the FedRAMP System Security Template: Access Control, Identification and Authentication, Physical Environment and Protection, and Risk Assessment (including in particular Vulnerability Scanning).

In 3 pages of your memo, you have been asked to describe 2 specific policies and procedures from EACH of those four categories listed above (Access Control, Identification and Authentication, Physical Environment and Protection, and Risk Assessment). In describing these 8 total policies and procedures, the board has asked you to:

  • Explain how they work
  • Explain why you believe these specific policies and procedures have been included in the FedRAMP required policies and procedures
  • Describe why these policies and procedures are of particular relevance to cloud computing
  • Explain why you believe particular policies and procedures have been labeled as they have, i.e., with an "H" (High Baseline Security), "M" (Medium Baseline Security), and "L" (Low Baseline Security)

In particular, choose:

  • At least one policy and procedure that is labeled solely with an "(H)" and explain what added level of security is required by this policy/procedure.
  • At least one policy and procedure that is labeled "(L) (M) (H)" and explain why that policy and procedure is so basic that it is required for all 3 types of cloud service security levels.
Introduction

The Federal Risk and Authorisation Management Program (FedRAMP) is used by the whole federal government of the United States and provides a coherent framework for cloud vulnerability assessments, licensing, and regular management. FedRAMP was formed in 2011 by an OMB memo to equip executive departments and agencies with a risk-based, cost-effective cloud service adoption and utilization plan. The FedRAMP PMO intends to make it easier for the federal government to use safe cloud services by providing an integrative approach to risk and security monitoring. According to OMB requirements, any cloud provider that stores government data must be FedRAMP authorized. The program sets out the security protocols and established procedures that cloud vendors must follow to gain approval.

The FedRAMP System Security Template's four core principles and guidelines are intended to serve as a framework for ensuring the safety of cloud-based computing systems. Policies and procedures are developed for each category to address the security concerns associated with cloud computing.

Risk Assessment, Vulnerability Scanning: The guidelines and procedures for risk assessment are meant to guarantee that cloud technology networks are regularly evaluated for risks and that remediation plans are in place to address any problems detected (Singh & Kumar, 2020). This collection of procedures and guidelines addresses security holes and hazard identification.

Identification and Authentication:

Physical Environment and Protection: Its goal is to ensure the architectural security of cloud computing systems through the natural setting and protective rules and processes. This area of processes and rules also includes provisions for protecting network infrastructure, information, and hardware.

Access Control: The Access Control policies and practices ensure that only authorized users have access to cloud applications and that their access is limited to what is required to perform their job duties (Giulio et al., 2017). This section's guidelines and suggestions deal with user identification, authorization, and accountability.

Physical Environment and Protection: The intrusion detection systems in cloud computing are guaranteed by Physical Environment and Protection standards and practices. These rules and procedures include standards for data centre hardware and networking security.

Policies and Procedures

These rules and procedures are created to prevent illegal access to systems, the data they contain, and the manipulation of those databases and systems. Providers of cloud-based services can ensure their systems are protected and FedRAMP compliant by adhering to the directions in the blueprint. The FedRAMP compliance requirements and procedures for cloud computing platforms will be covered in this section.

Access Control

Policy: Role-Based Access Control: This policy and practice govern data and system access depending on the role of a user within an organization. A regulation, for example, may indicate that only those designated as "Auditor" have access to financial information. This policy is significant for cloud-based systems since it ensures that only authorized personnel can access secret information (Singh & Kumar, 2020). This policy is classified as an "H" because it protects sensitive information.

Procedure: Complex security technology measures, such as two-factor authentication, must be used for user authentication.

Identification and Authentication

User IDs and passwords: To establish their identity, users must submit a user ID and password following this policy and legislation. For example, a policy may mandate each employee to have a unique user ID and password to access financial information. This legislation is critical for cloud applications since it ensures that sensitive data is protected and is only accessed by authorized staff (Singh & Kumar, 2020). This policy is an "H" policy because it is critical to protecting personal information.

Procedure: This strategy necessitates implementing dependable authentication methods, such as two-factor authentication, which are required for identity verification.

Physical Environment and Protection

Physical Access Control: The policies and procedures regulating physical access to the database control warehouse necessitate this. For example, a rule could stipulate that only employees with the title "Bookkeeper" have access to the server room where financial information is kept. This restriction is significant in cloud-based solutions since it ensures that only permitted professionals can access confidential data (Giulio et al., 2017). This policy is an "H" policy because it is essential to safeguard private information.

Procedure: Data centre facilities must be housed in secure locations with controlled access. Soldiers and video surveillance are needed for physical safety. This policy aims to ensure the physical protection of the cloud computing platform. It protects access by situating the data centre equipment in highly guarded localities.

Risk Assessment

Vulnerability Scanning: This process scans for data and system defects and notifies the IT department if any are detected. For example, a policy can require that all platforms be frequently tested for flaws and that any problem...