Linking the Cloud to Continuous Monitoring

February 21, 2012
Cyber Security, FedCyber Wire, Requirements
No Comment

NIST information risk management evangelist Ron Ross sees continuous monitoring playing a vital role in securing cloud computing.

The Federal Risk and Authorization Management Program known as FedRAMP fits very nicely with continuous monitoring by allowing agencies to define good sets of security requirements for cloud computing providers, Ross says in an interview previewing a presentation he will make at the RSA Conference 2012 in San Francisco later this month.

“When any federal information is moved to the cloud, we can be sure that the appropriate security controls are implemented on behalf of the cloud provider and their environment of operations,” says Ross, a National Institute of Standards and Technology senior computer scientist who led a team that wrote the latest revision of NIST Special Publication 800-53, which will be unveiled at the security conference.

via GovInfoSecurity, continued here.