https://www.fedramp.gov/faqs/

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant Agency security assessments.

Yes, FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low, moderate, and high risk impact levels. Private cloud deployments intended for single organizations and implemented fully within federal facilities are the only exception.


CSA - Cloud Security Alliance - Security, Trust, Assurance and Risk (STAR)

Security, Trust, Assurance and Risk (STAR)
The industry's most powerful program for security assurance in the cloud.

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to. It ultimately reduces complexity and helps alleviate the need to fill out multiple customer questionnaires.

Level 1 - self-assessment with cloud security standards

Level 2 - audited proof of compliance with cloud security standards

Which organizations should pursue level 2?

Organizations should pursue this level if they are...

  • Operating in a medium- to high-risk environment
  • Already holding or adhering to the following: ISO 27001, SOC 2, GB/T 22080-2008, or GDPR
  • Looking for a cost-effective way to increase assurance for cloud security and privacy



