Abstract

This chapter introduces a case study to illustrate the application of the risk management–related activities to a situational use of cloud services that covers both security and privacy within the National Institute of Standards and Technology Risk Management Framework within the context of the Federal Risk and Authorization Management Program. This chapter highlights lessons learned attained from a Third Party Assessment Organization (3PAO) providing consulting and conducting 3PAO assessments. These lessons will be critical to the Cloud Service Provider (CSP) as we have no doubt the CSP will encounter challenges on the way to a “FedRAMP Ready,” Agency Authorization To Operate (ATO), ...