We finally have a draft NIST SP 800-53r4. My lord, this is taking forever. For good reason, but... still. It's to be finalized in July, with comments on this draft due to email@example.com by April 6th. Here are the highlights, in their words since I haven't had a chance to read it myself: Clarification of security … Continue reading NIST SP 800-53r4 now in draft
FedRAMP is how clouds will be authorized for use in the Federal government. With it, the government to authorize a cloud for use just once, instead of forcing each agency to authorize the same cloud over and over. The FedRAMP program office published a CONOPS document, which sketches out how everything will work. It's tedious. … Continue reading FedRAMP for the impatient.