Chapter 10

Security Assessment and Authorization: Governance, Preparation, and Execution

Information in this chapter:

• Introduction to the Security Assessment Process

• Governing the Security Assessment

• Preparing for the Security Assessment

• Executing the Security Assessment Plan

Introduction to the Security Assessment Process

The security assessment process is a key component of the NIST Risk Management Framework (RMF)[1] and the Federal Risk and Authorization Management Program (FedRAMP).[2] FedRAMP[3] enables the adoption and use of cloud services through a cost-effective, risk-based approach that ensures security assessments are an integral part of the system development life cycle (SDLC).[4] FedRAMP also enables federal agencies to benefit ...
