Agencies fall short implementing FedRAMP requirements for cloud vendors, GAO finds
Though all of the systems had FedRAMP authorizations, most were not meeting key requirements of the cloud security authorization program.
Advertisement
continuous monitoring
HHS commits to continuous monitoring, after information security found ‘not effective’
HHS is working with the Department of Homeland Security to implement automated CDM tools.
FedRAMP eyes .govCAR for other authorization applications
The program management office hopes .govCAR will streamline the security authorization process.
Companion CDM bill to be introduced in House
The legislation would codify the Department of Homeland Security’s program for monitoring federal networks and require the agency to regularly update continuous monitoring tools.
CDM deserves more support from Congress, senators say
John Cornyn, R-Texas, and Maggie Hassan, D-N.H., introduced the Advancing Cybersecurity CDM Act, which would make the program law.
Report: CFPB should assess risks to cloud systems before their deployment
The system went unnamed in the Federal Reserve OIG's evaluation, but it supports the bureau's Consumer Response Call Center.
Advertisement
This agency is preparing to score its cyber risk with a new algorithm
“From the time that the scores come online, what gets measured gets done,” said the manager of the Continuous Diagnostics and Mitigation program.
What keeps federal cyber experts up at night about CDM
NASA is an early CDM success story, but continuous monitoring tools need maintaining.
FedRAMP issues new continuous monitoring guidance and requirements
FedRAMP issued new documents detailing the requirements needed for automated scanning.
FedRAMP looking at third-party access in upcoming authorization boundary guidance
FedRAMP previewed upcoming guidance it will issue on the external services cloud service providers should document for continuous monitoring compliance.