As the global nature of technology continues to evolve, the complexity of adhering to both global and local laws and regulations becomes greater. The most significant trend in the US government market is the move from security compliance to security risk management. Relevant guidance addressing this move is contained in the following:
- The Federal Risk and Authorization Management Program (FedRAMP), which provides a standard approach for security assessments, authorizations, and continuous monitoring of cloud computing products and services.
- The Department of Defense (DoD) cloud computing security requirements, which extend the FedRAMP security requirements to meet the unique requirements of the DoD.
- ICD 503, which replaces DCID 6/3 and 6/5 and establishes intelligence community policies for security risk management of information technology...