FedRAMP for Cloud Computing

Kratos SecureInfo Cybersecurity Services
Duration:
3 Day Course

Background:
 Every federal department/agency must use the Federal Risk and Authorization Management Program (FedRAMP) when conducting risk assessments, security authorizations and granting ATOs for all use of cloud computing services.

This FedRAMP for Low/Moderate Cloud Computing Environments 3-day course introduces the attendees to the program’s innovative policy approach to developing trusted relationships between the government departments/agencies, third party assessment organizations (3PAOs) and cloud service providers (CSPs). The roles and responsibilities of all key FedRAMP players will be covered in detail, including the government, 3PAOs and the CSPs. 

Attendees will be introduced to the sets of NIST SP 800-53 (Rev. 4) security controls required for a low impact and a moderate impact cloud environment. The newly proposed Cloud Security Assessment and Authorization (A&A) Process will be covered in detail, along with the numerous documents needed to support the A&A.

Cost: $1,500.00 (GSA rates and volume discounts are available)

Materials Required:
Students of mobile training classes must provide their own computers.

Course Materials Provided: Students will receive a workbook (to include instructional slides) and resource kit with applicable federal guidance.

Locations: We offer this course in the Kratos SecureInfo training classroom (San Antonio, TX or Chantilly, VA locations) or via mobile training at your facility for up to 20 students per course. Contact us at training@KratosSecureInfo.com or (210) 403-5600 or (888) 677-9351 (ask for the Training Department) for more information and pricing on mobile training options.

Who Should Attend?

  • Individuals associated with the design, development, implementation, operation, maintenance and disposition of federal cloud computing environments including:
  • Individuals with mission/business ownership responsibilities or fiduciary responsibilities (e.g., heads of federal agencies, chief executive officers, chief financial officers)
  • Individuals with cloud/information system development and integration responsibilities (e.g., program managers, information technology product developers, information system developers, information systems integrators, enterprise architects, information security architects)
  • Individuals with cloud/information system and/or security management/oversight responsibilities (e.g., senior leaders, risk executives, authorizing officials, chief information officers, senior information security officers)
  • Individuals with cloud/information system and security control assessment and monitoring responsibilities (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, information system owners)
  • Individuals with cloud/information security implementation and operational responsibilities (e.g., cloud service providers, information system owners, common control providers, information owners/stewards, mission/business owners, information security architects, information system security engineers/officers)
Course Topics:
Module 1 (Introduction to FedRAMP) 
Purpose/Applicability/Operational Capabilities
Key Terms
  • Goals/Benefits
  • Roles and Responsibilities
  • Government
  • 3PAOs
  • CSPs
Module 2 (The Cloud Security Assessment and Authorization (A&A) Process) 
  • Initiating/Applying 
  • Assessing
  • Authorizing
  • Leveraging
  • FedRAMP Documents
    • SSP/Control Tailoring Workbook/Control Implementation Summary
    • SAR/POA&M
    • Authorization Request Letters
    • PIA Questionnaires
    • Contingency Plan

Module 3 (FedRAMP Security Controls) 

  • For Low Impact Cloud Environments
  • For Moderate Impact Cloud Environments

Questions
For course availability, please view our training schedule. Questions about our corporate training may be directed to training@KratosSecureInfo.com, or call 888.753.8377. Ask about our mobile training capability--it may save you money!

Register Now for Cybersecurity Training