Tuesday, December 17, 2019

A New Federal Cloud Compliance Program Is The Federal Risk...

A. INTRODUCTION

Federal organizations are moving their services to the cloud to minimize their software and infrastructure footprint and to save money, time, and resources. As cloud service providers (CSPs) become prevalent, we must analyze the security of these services to ensure compliance with the standards and laws that protect customers, citizens, and information. Therefore, this paper analyzes a new federal cloud compliance program called the Federal Risk and Authorization Management Program (FedRAMP). This paper also establishes that FedRAMP can indirectly help federal government organizations comply with the following laws: the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Family Educational Rights and Privacy Act (FERPA); the International Traffic in Arms Regulations (ITAR); and the Payment Card Industry Data Security Standard (PCI DSS). This paper will briefly explain these four laws and the cloud computing discussions regarding them. It will also explain FedRAMP and the way it can help federal organizations to be compliant with these laws.

B. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA was originally established in 1996 to mandate that the Department of Health and Human Services (HHS) establish national standards for the transfer of electronic medical records, with the intent of facilitating the transfer of medical records; it applies to health plans, health care clearinghouses, and health
