FedRAMP is how clouds will be authorized for use in the Federal government. With it, the government can authorize a cloud for use just once, instead of forcing each agency to authorize the same cloud over and over. The FedRAMP program office published a CONOPS document, which sketches out how everything will work. It's tedious. … Continue reading FedRAMP for the impatient.
The DOD keeps its own catalog of system vulnerabilities, the IAVM. You can think of this as the computer security alerting system for the DOD. If you get an IAVM, it will tell you what the vulnerability is, how critical it is, and whether you need to patch it immediately. The rest of the world … Continue reading DISA releases IAVA-to-CVE mapping
This is an expanded version of a document that I wrote for Red Hat internally. I'm now sharing it with all of you because I find myself reciting this information at least once a week. I hope you enjoy it. Please keep in mind that I'm not a lawyer, DAA, or procurement officer. All the … Continue reading A Common Criteria Primer