May 02 2014
Security

Continuous Monitoring in the Cloud

The Department of Homeland Security is helping agencies implement continuous diagnostics and mitigation by 2017.
by

Wylie Wong is a freelance journalist who specializes in business, technology and sports. He is a regular contributor to the CDW family of technology magazines.

The General Services Administration is trying to figure out how best to integrate CDM into the Federal Risk and Authorization Management Program, says FedRAMP director Maria Roat. FedRAMP provides a standard set of baseline security controls that government and commercial cloud providers must meet to offer cloud services to agencies.

For starters, GSA must determine which stakeholders will be responsible for CDM in a cloud environment. For example, if a service provider is responsible for an Infrastructure as a Service offering and an agency installs an application in that IaaS cloud, is the agency responsible for the app’s continuous monitoring?

“We are having discussions about applying CDM in a shared services environment,” Roat says.

Current FedRAMP controls outline initial requirements for CDM in cloud services. GSA is working on an updated version of the FedRAMP baseline, incorporating controls from NIST SP 800-53 Revision 4, which focuses on continuous monitoring.

<p>Stewart Sutton/ThinkStock</p>

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now