Continuous Monitoring in the Cloud
The General Services Administration is trying to figure out how best to integrate CDM (Continuous Diagnostics and Mitigation) into the Federal Risk and Authorization Management Program, says FedRAMP director Maria Roat. FedRAMP provides a standard set of baseline security controls that government and commercial cloud providers must meet to offer cloud services to agencies.
For starters, GSA must determine which stakeholders will be responsible for CDM in a cloud environment. For example, if a service provider is responsible for an Infrastructure as a Service offering and an agency installs an application in that IaaS cloud, is the agency responsible for the app’s continuous monitoring?
“We are having discussions about applying CDM in a shared services environment,” Roat says.
Current FedRAMP controls outline initial requirements for CDM in cloud services. GSA is working on an updated version of the FedRAMP baseline, incorporating controls from NIST SP 800-53 Revision 4, which focuses on continuous monitoring.