Federal Risk and Authorisation Management Program (FedRAMP) Policies and Procedures (Term Paper Sample)

Federal Risk and Authorisation Management Program (FedRAMP) Policies and Procedures Student's Name Institutional Affiliation Introduction The Federal Risk and Authorisation Management Program (FedRAMP) is used by the whole federal government of the United States and provides a coherent framework for cloud vulnerability assessments, licensing, and regular management. FedRAMP was formed in 2011 by an OMB memo to equip executive departments and agencies with a risk-based, cost-effective cloud service adoption and utilization plan. The FedRAMP PMO intends to make it easier for the federal govt to use safe cloud services by providing an integrative approach to risk and security monitoring. According to OMB requirements, any cloud provider that stores government data must be FedRAMP authorized. The security protocols and established procedures that cloud vendors must follow to gain approval. The FedRAMP System Security Template's four core principles and guidelines are intended to serve as a framework for ensuring the safety of cloud-based computing systems. Policies and procedures are developed for each category to address the security concerns associated with cloud computing. Risk Assessment, Vulnerability Scanning: The guidelines and procedures for risk assessment are meant to guarantee that cloud technology networks are regularly evaluated for risks and that remediation plans are in place to address any problems detected (Singh & Kumar, 2020). This collection of procedures and guidelines addresses security holes and hazard identification. Identification and Authentication: Physical Environment and Protection: Its goal is to ensure the architectural security of cloud computing systems through the natural setting and protective rules and processes. This area of processes and rules also includes provisions for protecting network infrastructure networks, information, and hardware.  Access Control: The Access Control policies and practices ensure that only authorized users have access to cloud applications and that their access is limited to what is required to perform their job duties (Giulio et al., 2017). This section's guidelines and suggestions deal with user identification, authorization, and accountability.  Physical Environment and Protection: The intrusion detection systems in cloud computing are guaranteed by Physical Environment and Protection standards and practices. These rules and procedures include standards for data centre hardware and networking security. Policies and Procedures These rules and procedures are created to prevent illegal access to systems, the data they contain, and the manipulation of those databases and systems. Providers of cloud-based services can ensure their systems are protected and FedRAMP compliant by adhering to the directions in the blueprint. The FedRAMP compliance requirements and procedures for cloud computing platforms will be covered in this section. Access Control Policy: Role-Based Access Control: This policy and practice govern data and system access depending on an organization's user's role. A regulation, for example, may indicate that only those designated as "Auditor" have access to financial information. This policy is significant for cloud-based systems since it ensures that only authorized personnel can access secret information (Singh & Kumar, 2020). This policy is classified as an "H" because it protects sensitive information. Procedure: Complex security technology measures, such as two-factor authentication, must be used for user authentication. Identification and Authentication User IDs and passwords: To establish their identity, users must submit a user ID and password following this policy and legislation. For example, a policy may mandate each employee to have a unique user ID and password to access financial information. This legislation is critical for cloud applications since it protects sensitive data and is only accessed by authorized staff (Singh & Kumar, 2020). This policy is a "H" policy because it is critical to protecting personal information. Procedure: This strategy necessitates implementing dependable authentication methods, such as two-factor authentication, which are required for identity verification. Physical Environment and Protection Physical Access Control: The policies and procedures regulating physical access to the database control warehouse necessitate this. For example, a rule could stipulate that only employees with the title "Bookkeeper" have access to the server’s room where financial information is kept. This restriction is significant in cloud-based solutions since it ensures that only permitted professionals can access confidential data (Giulio et al., 2017). This policy is a "H" policy because it is essential to safeguard private information. Procedure: Data centre facilities must be stored in secure locations with controlled access. Soldiers and video surveillance are needed for physical safety. This policy aims to protect the physical protection of the cloud computing platform. It protects access by situating the data centre equipment in highly guarded localities. Risk Assessment Vulnerability Scanning: This process scans for data and system defects and notifies the IT department if any are detected. For example, a policy can require that all platforms be frequently tested for flaws and that any problem...