Chapter 14

A case study for cloud service providers


This chapter introduces a case study to illustrate the application of the risk management–related activities to a situational use of cloud services that covers both security and privacy within the National Institute of Standards and Technology Risk Management Framework within the context of the Federal Risk and Authorization Management Program. This chapter highlights lessons learned attained from a Third Party Assessment Organization (3PAO) providing consulting and conducting 3PAO assessments. These lessons will be critical to the Cloud Service Provider (CSP) as we have no doubt the CSP will encounter challenges on the way to a “FedRAMP Ready,” Agency Authorization To Operate (ATO), ...

Get Federal Cloud Computing, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.