Thanks AJ @WXManAJB for all your expert help today creating @sonian promo videos
Archive for March, 2012
@Sonain sales team about to close an amazing quarter
Preparing to film a @sonian video for new corp website. #smile http://t.co/1qtgqsFL
Tales from the Trenches: GitHub http://t.co/Aj0E2hrh #distributedteamsrock
Holding Out on Smartphones: http://t.co/1sJrlJ2o Been thinking the same thing… may “downgrade” my Droid for feature phone (+iPad)
FISMA Chronicles: FedRAMP, Inheritance and Key Controls http://t.co/EJ4p4kZu #cloud #fisma #fedramp
How OMGPOP scaled to 36 million users in three weeks http://t.co/8G1AUe92 Go, #cloud , Go!
FISMA Chronicles: FedRAMP, Inheritance and Key Controls
Part 2: FedRAMP, Inheritance and Key Controls
I am leading the FISMA project at Sonian, and we’re getting closer to achieving our first FISMA Moderate accreditation. For background on FISMA, read my first blog post on this subject.
With FISMA Moderate accreditation, Sonian will be able to manage non-defense government data. The accreditation is granted in the form of an “Authority to Operate (ATO)” bestowed upon a project by the government agency that will implement and utilize the product/service. A cyber security team within the government agency evaluates each project’s security documentation and gives the thumbs up or thumbs down. It’s an iterative process that starts with extensive documentation, an audit, and government review and oversight. FISMA applies both to third-party services purchased by the government and to internally developed and managed IT projects.
FedRAMP… Briefly
Currently, if a vendor wants to sell the same IT service to more than one government agency, FISMA requires an ATO from each agency, which adds time, complexity and cost to the procurement process. Historically, each agency has implemented and interpreted FISMA standards differently. The National Institute of Standards and Technology (NIST) devised the “FISMA Reference Architecture” for all agencies to follow, but in reality the local interpretation has varied.
A “new and improved” accreditation standard is supposed to fix some of these issues. FedRAMP is a single umbrella guideline encompassing current FISMA rules, as well as updated rules that better align FISMA with technologies such as Software as a Service (SaaS) and cloud computing. When the legislation that created FISMA was drafted in 2002, SaaS and cloud computing were not on government technologists’ radar. FedRAMP is a modernization of FISMA, and also strives to streamline government IT purchasing, lower costs, and expedite project timelines. FedRAMP will benefit from FISMA’s first decade, so I am hopeful for an improved certification process when FedRAMP is officially ratified in about a year. There is already quite a bit known about FedRAMP, and Sonian is working on a dual strategy to get FISMA Moderate for one agency, and then focus on FedRAMP for all other agencies.
This project looks intriguing… http://t.co/AbadiPi5 … love the idea to embed the VM into #cloud object stores like #s3 and #swift

