LEADER 03700nam 2200457Ia 450 001 9910583025003321 005 20230120003549.0 010 $a0-12-809687-X 035 $a(CKB)4540000000000068 035 \\$a(Safari)9780128096871 035 $a(OCoLC)971255766 035 $a(CaSebORM)9780128096871 035 $a(MiAaPQ)EBC4778675 035 $a(EXLCZ)994540000000000068 100 $a20170203d2017 uy 0 101 0 $aeng 135 $aurunu|||||||| 181 $ctxt$2rdacontent 182 $cc$2rdamedia 183 $acr$2rdacarrier 200 10$aFederal cloud computing $ethe definitive guide for cloud service providers /$fMatthew Metheny ; technical editor, Waylon Krush 205 $aSecond edition. 210 1$aCambridge, MA :$cSyngress,$d[2017] 210 4$dİ2017 215 $a1 online resource (1 volume) $cillustrations 311 $a0-12-809710-8 320 $aIncludes bibliographical references and index. 327 $aIntroduction to the federal cloud computing strategy -- Cloud computing standards -- A case for open source -- Security and privacy in public cloud computing -- Applying the NIST risk management framework -- Risk management -- Comparison of FISMA with other security compliance standards -- FedRAMP primer -- The FedRAMP cloud computing security requirements -- Assessment and authorization (A & A): governance, preparation, and execution -- Strategies for continuous monitoring -- Cost-effective compliance using security automation appendix -- Federal-focused case study for cloud service providers using the CSA GRC stack. 330 $aFederal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis. This updated edition will cover the latest changes to FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing. Provides a common understanding of the federal requirements as they apply to cloud computing Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization 606 $aCloud computing$xGovernment policy$zUnited States 606 $aComputer security$xGovernment policy$zUnited States 615 0$aCloud computing$xGovernment policy 615 0$aComputer security$xGovernment policy 700 $aMetheny$b Matthew$0866619 702 $aKrush$b Waylon 801 0$bUMI 801 1$bUMI 906 $aBOOK 912 $a9910583025003321 996 $aFederal cloud computing$91934505 997 $aUNINA