SlideShare a Scribd company logo

From Zero to ATO: A Step-by-Step Guide on the DoD Compliance Framework

Download as PPTX, PDF
Amazon Web Services
Amazon Web Services

The document provides an overview of the four phases for obtaining an Authority to Operate (ATO) for a Department of Defense (DoD) cloud system: 1. Planning - Select a cloud service provider, categorize the system, select security controls, and develop initial architecture. 2. Initial Deployment and Documentation - Document control implementation, configure security tools, build out initial system, and request network space. 3. Finalize and Accredit Architecture - Load authorization package, submit final package, remediate findings, complete builds, and assess system security. 4. Continuous Monitoring - Update system security plan, conduct monthly scans, update definitions, perform patching and annual assessments. The process follows

Technology
1 of 11
Jennifer Gray Public Sector Compliance Architect From Zero to ATO: A Step-by-Step Guide on the DoD Compliance Framework Jim Caggy Senior DOD Security Architect
In today’s session we will…  Review DoD Cloud Guidance and Data Impact Levels  Four Phases of DoD System Accreditation  Questions
DoD Cloud References FEDRAMP Government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. DoD Cloud Computing Security Requirements Guide (CC SRG) Outlines the security model by which DoD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions (as defined by NIST) by the DoD. NIST SP 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations A catalog of security and privacy controls for federal information systems. The controls are customizable and implemented as part of an organization wide process that manages information security and privacy risk.
Cloud Services Provider DoD Cloud Security Requirements Guide – ATO Process 30+ FedRAMP Compliant CSP’s (20+ in-process) IaaS/PaaS/SaaS Providers are a mix of IaaS, PaaS, SaaS (Initial Focus is on IaaS) FedRAMP Authority to Operate CSM ATO Levels 1-2 (Public) CSM ATO Levels 3-5 (Unclass) System- Specific ATO John Doe DoD DAA The DoD provisionally authorized commercial CSP offering is eligible to be included in the Enterprise Cloud Service Catalog DoD Cloud Security Model (Administered via DISA) 3 4 5 6 20+ Provisional Authorizations granted 3 Provisional Authorization granted 2 4 Increasing Security and Operating Requirements CSM ATO Level 6 (Secret) 100’s of Cloud Service Providers (CSP) 1 2
DoD Cloud Security Model Impact Levels Impact Level Description Level 1 Unclassified publicly releasable information e.g., recruiting websites. Level 2 Unclassified publicly releasable information e.g., recruiting websites. Unclassified publicly releasable information, with access controls e.g., library systems. Level 3 Non-National Security System (non-NSS) Controlled Unclassified Information (CUI) – Low confidentiality impact, Moderate integrity impact e.g., training systems. Level 4 Non-National Security System (non-NSS) Controlled Unclassified Information (CUI) – Low confidentiality impact, Moderate integrity impact e.g., training systems. Non-NSS CUI – Moderate confidentiality impact, Moderate integrity impact e.g., HR systems. Level 5 NSS CUI – Moderate confidentiality impact, Moderate integrity impact e.g., email systems. Level 6 Classified information up to and including SECRET – Moderate confidentiality impact, Moderate integrity impact e.g., C2 systems.
Phase 1: Planning Plan Document Assess Authorize Monitor Process Check DISA catalog of approved CSPs Select CSP Review AWS compliance documentation Review security control Inheritance and shared Responsibility Develop initial Architecture Phase I Categorize system Select SRG Impact Level Select security controls
Phase 2: Initial Deployment and Documentation Plan Document Assess Authorize Monitor Process Document security control implementation Coordinate with CNDSP Tier 2 Configure AWS CloudTrail, Config, VPC Flow Logs and CloudWatch Document PPSM Register in SNAP and coordinate CAP connection Phase I Phase II Request DOD IP space Build out base system and test implementation of security controls
Phase 3: Finalize and Accredit Architecture Plan Document Assess Authorize Monitor Process Load security authorization package into eMass Submit final ATO package to your DAA Phase I Phase III Phase II Remediate Document findings Create Plans of Action & Milestones Complete architecture build out, integrations Requirements Lock down system for testing Assess system ‒ Pentest ‒ Vulnerability scan ‒ Compliance reviews
Phase 4: Continuous Monitoring Plan Document Assess Authorize Monitor Process Update SSP Track and report significant changes to AO Phase I Phase III Phase IV Phase II Conduct monthly ACAS scans Update HBSS definitions Conduct patching (IAVM process) Perform annual assessment
NIST SP 800-37 Risk Management Framework Initiation Concept Planning Requirements Analysis Design Development Test Implemen- tation Operations & Maintenance Disposition 1 2 3 4 Architecture Review System Accreditation Security Control Assessment Annual Operational Analysis Independent Verification & Validation Assessment Implementatio n Readiness Review Validation Readiness Review Detailed Design Review Integrated Baseline Review Require- ments Review Post- Implemen- tation Review Security Authorization SLDC Project Review Project Selection Review Project Baseline Review Preliminary Design Review Operational Readiness Review CATAGORIZE THE SYSTEM SELECT CONTROLS IMPLEMENT CONTROLS ASSESS CONTROLS AUTHORIZE THE SYSTEM MONITOR CONTROLS NIST SP 800-37 Risk Management Framework
Questions?

Recommended

Application assessment for cloud affinity definition
Application assessment for cloud affinity definitionApplication assessment for cloud affinity definition
Application assessment for cloud affinity definitionDavide Veronese
 
Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...
Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...
Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...Amazon Web Services
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security ChecklistAmazon Web Services
 
Let's Talk About: Azure Monitor
Let's Talk About: Azure MonitorLet's Talk About: Azure Monitor
Let's Talk About: Azure MonitorPedro Sousa
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Timothy McAliley
 
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Amazon Web Services
 
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Amazon Web Services
 

Recommended

Application assessment for cloud affinity definition
Application assessment for cloud affinity definitionApplication assessment for cloud affinity definition
Application assessment for cloud affinity definitionDavide Veronese
 
Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...
Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...
Digital Transformation: Leveraging AWS as a Launchpad (CMP205-S) - AWS re:Inv...Amazon Web Services
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security ChecklistAmazon Web Services
 
Let's Talk About: Azure Monitor
Let's Talk About: Azure MonitorLet's Talk About: Azure Monitor
Let's Talk About: Azure MonitorPedro Sousa
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Timothy McAliley
 
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...
Behind the Scenes: Exploring the AWS Global Network (NET305) - AWS re:Invent ...Amazon Web Services
 
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Amazon Web Services
 
SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0Maganathin Veeraragaloo
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0Mark S. Mahre
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Data Encryption - Azure Storage Service
Data Encryption - Azure Storage ServiceData Encryption - Azure Storage Service
Data Encryption - Azure Storage ServiceUdaiappa Ramachandran
 
Azure Cost Management
Azure Cost ManagementAzure Cost Management
Azure Cost ManagementStefano Tempesta
 
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸Amazon Web Services
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST CertificationControlCase
 
Cloud Cost Optimization Whitepaper
Cloud Cost Optimization WhitepaperCloud Cost Optimization Whitepaper
Cloud Cost Optimization WhitepaperDevPro3
 
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017Amazon Web Services Korea
 
Technology Alignment Framework
Technology Alignment FrameworkTechnology Alignment Framework
Technology Alignment FrameworkMark S. Mahre
 
Microsoft Cloud Adoption Framework
Microsoft Cloud Adoption FrameworkMicrosoft Cloud Adoption Framework
Microsoft Cloud Adoption Frameworkssuserdb85d71
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElasticsearch
 
Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Amazon Web Services
 
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...Simplilearn
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Introduction to Azure monitor
Introduction to Azure monitorIntroduction to Azure monitor
Introduction to Azure monitorPraveen Nair
 
AWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - SlidesAWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - SlidesTobyWilman
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactAraf Karsh Hamid
 
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or LessAmazon Web Services
 
Cloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptxCloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptxabhishek22611
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Processtimmcguinness
 
CRAFT Brochure
CRAFT BrochureCRAFT Brochure
CRAFT BrochurePhaniKishore Burre
 

More Related Content

What's hot

SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0Mark S. Mahre
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Data Encryption - Azure Storage Service
Data Encryption - Azure Storage ServiceData Encryption - Azure Storage Service
Data Encryption - Azure Storage ServiceUdaiappa Ramachandran
 
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸Amazon Web Services
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST CertificationControlCase
 
Cloud Cost Optimization Whitepaper
Cloud Cost Optimization WhitepaperCloud Cost Optimization Whitepaper
Cloud Cost Optimization WhitepaperDevPro3
 
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017Amazon Web Services Korea
 
Technology Alignment Framework
Technology Alignment FrameworkTechnology Alignment Framework
Technology Alignment FrameworkMark S. Mahre
 
Microsoft Cloud Adoption Framework
Microsoft Cloud Adoption FrameworkMicrosoft Cloud Adoption Framework
Microsoft Cloud Adoption Frameworkssuserdb85d71
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElasticsearch
 
Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Amazon Web Services
 
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...Simplilearn
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Introduction to Azure monitor
Introduction to Azure monitorIntroduction to Azure monitor
Introduction to Azure monitorPraveen Nair
 
AWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - SlidesAWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - SlidesTobyWilman
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactAraf Karsh Hamid
 
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or LessAmazon Web Services
 
Cloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptxCloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptxabhishek22611
 

What's hot (20)

SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0SABSA Implementation(Part VI)_ver1-0
SABSA Implementation(Part VI)_ver1-0
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOAR
 
Data Encryption - Azure Storage Service
Data Encryption - Azure Storage ServiceData Encryption - Azure Storage Service
Data Encryption - Azure Storage Service
 
Azure Cost Management
Azure Cost ManagementAzure Cost Management
Azure Cost Management
 
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST Certification
 
Cloud Cost Optimization Whitepaper
Cloud Cost Optimization WhitepaperCloud Cost Optimization Whitepaper
Cloud Cost Optimization Whitepaper
 
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017
엔터프라이즈 기술 지원을 통한 효율적인 클라우드 운영 사례 - AWS Summit Seoul 2017
 
Technology Alignment Framework
Technology Alignment FrameworkTechnology Alignment Framework
Technology Alignment Framework
 
Microsoft Cloud Adoption Framework
Microsoft Cloud Adoption FrameworkMicrosoft Cloud Adoption Framework
Microsoft Cloud Adoption Framework
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyone
 
Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation Governance Strategies & Tools for Cloud Formation
Governance Strategies & Tools for Cloud Formation
 
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...
AWS Training For Beginners | AWS Certified Solutions Architect Tutorial | AWS...
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
Introduction to Azure monitor
Introduction to Azure monitorIntroduction to Azure monitor
Introduction to Azure monitor
 
AWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - SlidesAWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - Slides
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito Pact
 
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
(SEC305) How to Become an IAM Policy Ninja in 60 Minutes or Less
 
Cloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptxCloud Adoption Framework - Overview_partner.pptx
Cloud Adoption Framework - Overview_partner.pptx
 

Viewers also liked

NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Processtimmcguinness
 
20 Critical Controls for Effective Cyber Defense (A must read for security pr...
20 Critical Controls for Effective Cyber Defense (A must read for security pr...20 Critical Controls for Effective Cyber Defense (A must read for security pr...
20 Critical Controls for Effective Cyber Defense (A must read for security pr...Tahir Abbas
 
Cyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities IndustryCyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities IndustryProlifics
 
Developing Mobile Services on AWS
Developing Mobile Services on AWSDeveloping Mobile Services on AWS
Developing Mobile Services on AWSAmazon Web Services
 
Jazz for Service Management
Jazz for Service ManagementJazz for Service Management
Jazz for Service ManagementIBM Danmark
 
Secure Real-Time Customer Communications with AWS
Secure Real-Time Customer Communications with AWSSecure Real-Time Customer Communications with AWS
Secure Real-Time Customer Communications with AWSAmazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...Amazon Web Services
 
E readiness assessment framework
E readiness assessment frameworkE readiness assessment framework
E readiness assessment frameworkPrasanna Rasal
 
AWS Summit Singapore - Opening Keynote by Dr. Werner Vogels
AWS Summit Singapore - Opening Keynote by Dr. Werner VogelsAWS Summit Singapore - Opening Keynote by Dr. Werner Vogels
AWS Summit Singapore - Opening Keynote by Dr. Werner VogelsAmazon Web Services
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemLancope, Inc.
 
Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsAmazon Web Services
 
Isv cloud business readiness assessment
Isv cloud business readiness assessmentIsv cloud business readiness assessment
Isv cloud business readiness assessmentMIS
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
Testing Mobile Services on AWS - Pop-up Loft Tel Aviv
Testing Mobile Services on AWS - Pop-up Loft Tel AvivTesting Mobile Services on AWS - Pop-up Loft Tel Aviv
Testing Mobile Services on AWS - Pop-up Loft Tel AvivAmazon Web Services
 
AWS ML and SparkML on EMR to Build Recommendation Engine
AWS ML and SparkML on EMR to Build Recommendation Engine AWS ML and SparkML on EMR to Build Recommendation Engine
AWS ML and SparkML on EMR to Build Recommendation Engine Amazon Web Services
 

Viewers also liked (20)

NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Process
 
CRAFT Brochure
CRAFT BrochureCRAFT Brochure
CRAFT Brochure
 
Winter 2012-poster
Winter 2012-posterWinter 2012-poster
Winter 2012-poster
 
20 Critical Controls for Effective Cyber Defense (A must read for security pr...
20 Critical Controls for Effective Cyber Defense (A must read for security pr...20 Critical Controls for Effective Cyber Defense (A must read for security pr...
20 Critical Controls for Effective Cyber Defense (A must read for security pr...
 
Cyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities IndustryCyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities Industry
 
Developing Mobile Services on AWS
Developing Mobile Services on AWSDeveloping Mobile Services on AWS
Developing Mobile Services on AWS
 
Keynote - Dun & Bradstreet
Keynote - Dun & BradstreetKeynote - Dun & Bradstreet
Keynote - Dun & Bradstreet
 
Jazz for Service Management
Jazz for Service ManagementJazz for Service Management
Jazz for Service Management
 
Secure Real-Time Customer Communications with AWS
Secure Real-Time Customer Communications with AWSSecure Real-Time Customer Communications with AWS
Secure Real-Time Customer Communications with AWS
 
Amazon WorkMail
Amazon WorkMailAmazon WorkMail
Amazon WorkMail
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
 
E readiness assessment framework
E readiness assessment frameworkE readiness assessment framework
E readiness assessment framework
 
AWS Summit Singapore - Opening Keynote by Dr. Werner Vogels
AWS Summit Singapore - Opening Keynote by Dr. Werner VogelsAWS Summit Singapore - Opening Keynote by Dr. Werner Vogels
AWS Summit Singapore - Opening Keynote by Dr. Werner Vogels
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch System
 
Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both Worlds
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Isv cloud business readiness assessment
Isv cloud business readiness assessmentIsv cloud business readiness assessment
Isv cloud business readiness assessment
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
 
Testing Mobile Services on AWS - Pop-up Loft Tel Aviv
Testing Mobile Services on AWS - Pop-up Loft Tel AvivTesting Mobile Services on AWS - Pop-up Loft Tel Aviv
Testing Mobile Services on AWS - Pop-up Loft Tel Aviv
 
AWS ML and SparkML on EMR to Build Recommendation Engine
AWS ML and SparkML on EMR to Build Recommendation Engine AWS ML and SparkML on EMR to Build Recommendation Engine
AWS ML and SparkML on EMR to Build Recommendation Engine
 

Similar to From Zero to ATO: A Step-by-Step Guide on the DoD Compliance Framework

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Wendy Knox Everette
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security DemystifiedMichael Torres
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceMirantis
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixJohn Yeoh
 
How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...Vsevolod Shabad
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWithum
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105 Thomas Treml
 
Continuous compliance using data and code
Continuous compliance using data and codeContinuous compliance using data and code
Continuous compliance using data and codeErkang Zheng
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 

Similar to From Zero to ATO: A Step-by-Step Guide on the DoD Compliance Framework (20)

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls Matrix
 
3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server
 
How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105
 
Continuous compliance using data and code
Continuous compliance using data and codeContinuous compliance using data and code
Continuous compliance using data and code
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.com
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.com
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.com
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

From Zero to ATO: A Step-by-Step Guide on the DoD Compliance Framework

  • 1. Jennifer Gray Public Sector Compliance Architect From Zero to ATO: A Step-by-Step Guide on the DoD Compliance Framework Jim Caggy Senior DOD Security Architect
  • 2. In today’s session we will…  Review DoD Cloud Guidance and Data Impact Levels  Four Phases of DoD System Accreditation  Questions
  • 3. DoD Cloud References FEDRAMP Government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. DoD Cloud Computing Security Requirements Guide (CC SRG) Outlines the security model by which DoD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions (as defined by NIST) by the DoD. NIST SP 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations A catalog of security and privacy controls for federal information systems. The controls are customizable and implemented as part of an organization wide process that manages information security and privacy risk.
  • 4. Cloud Services Provider DoD Cloud Security Requirements Guide – ATO Process 30+ FedRAMP Compliant CSP’s (20+ in-process) IaaS/PaaS/SaaS Providers are a mix of IaaS, PaaS, SaaS (Initial Focus is on IaaS) FedRAMP Authority to Operate CSM ATO Levels 1-2 (Public) CSM ATO Levels 3-5 (Unclass) System- Specific ATO John Doe DoD DAA The DoD provisionally authorized commercial CSP offering is eligible to be included in the Enterprise Cloud Service Catalog DoD Cloud Security Model (Administered via DISA) 3 4 5 6 20+ Provisional Authorizations granted 3 Provisional Authorization granted 2 4 Increasing Security and Operating Requirements CSM ATO Level 6 (Secret) 100’s of Cloud Service Providers (CSP) 1 2
  • 5. DoD Cloud Security Model Impact Levels Impact Level Description Level 1 Unclassified publicly releasable information e.g., recruiting websites. Level 2 Unclassified publicly releasable information e.g., recruiting websites. Unclassified publicly releasable information, with access controls e.g., library systems. Level 3 Non-National Security System (non-NSS) Controlled Unclassified Information (CUI) – Low confidentiality impact, Moderate integrity impact e.g., training systems. Level 4 Non-National Security System (non-NSS) Controlled Unclassified Information (CUI) – Low confidentiality impact, Moderate integrity impact e.g., training systems. Non-NSS CUI – Moderate confidentiality impact, Moderate integrity impact e.g., HR systems. Level 5 NSS CUI – Moderate confidentiality impact, Moderate integrity impact e.g., email systems. Level 6 Classified information up to and including SECRET – Moderate confidentiality impact, Moderate integrity impact e.g., C2 systems.
  • 6. Phase 1: Planning Plan Document Assess Authorize Monitor Process Check DISA catalog of approved CSPs Select CSP Review AWS compliance documentation Review security control Inheritance and shared Responsibility Develop initial Architecture Phase I Categorize system Select SRG Impact Level Select security controls
  • 7. Phase 2: Initial Deployment and Documentation Plan Document Assess Authorize Monitor Process Document security control implementation Coordinate with CNDSP Tier 2 Configure AWS CloudTrail, Config, VPC Flow Logs and CloudWatch Document PPSM Register in SNAP and coordinate CAP connection Phase I Phase II Request DOD IP space Build out base system and test implementation of security controls
  • 8. Phase 3: Finalize and Accredit Architecture Plan Document Assess Authorize Monitor Process Load security authorization package into eMass Submit final ATO package to your DAA Phase I Phase III Phase II Remediate Document findings Create Plans of Action & Milestones Complete architecture build out, integrations Requirements Lock down system for testing Assess system ‒ Pentest ‒ Vulnerability scan ‒ Compliance reviews
  • 9. Phase 4: Continuous Monitoring Plan Document Assess Authorize Monitor Process Update SSP Track and report significant changes to AO Phase I Phase III Phase IV Phase II Conduct monthly ACAS scans Update HBSS definitions Conduct patching (IAVM process) Perform annual assessment
  • 10. NIST SP 800-37 Risk Management Framework Initiation Concept Planning Requirements Analysis Design Development Test Implemen- tation Operations & Maintenance Disposition 1 2 3 4 Architecture Review System Accreditation Security Control Assessment Annual Operational Analysis Independent Verification & Validation Assessment Implementatio n Readiness Review Validation Readiness Review Detailed Design Review Integrated Baseline Review Require- ments Review Post- Implemen- tation Review Security Authorization SLDC Project Review Project Selection Review Project Baseline Review Preliminary Design Review Operational Readiness Review CATAGORIZE THE SYSTEM SELECT CONTROLS IMPLEMENT CONTROLS ASSESS CONTROLS AUTHORIZE THE SYSTEM MONITOR CONTROLS NIST SP 800-37 Risk Management Framework