Completing Assessment & Authorization (A&A) activities on Cloud Solution Providers (CSPs), Applications and Support Systems in accordance with Federal standards (NIST, FIPS, and OMB) is a time-consuming and resource-intensive process. This half-day course examines the four (4) Phases of the A&A process, clarifies Roles and Responsibilities, decomposes Tasks and Activities within each phase, and standardizes the A&A package contents.
The instructor will provide cost-effective methods and strategies to reduce A&A complexities associated with each phase. Discussion topics will include proven techniques for increasing the Return on Investment (ROI) during Risk Assessments, Security Categorization and the validation of security control implementations.
Each attendee will receive the following six (6) Security & Privacy charts, printed at 12×18, as handout material to facilitate discussions:
- Personally Identifiable Information (PII) Methodology
- Security Categorization Methodology
- Risk Management Framework (RMF) Methodology
- Enterprise Security Program Assessment & Validation (SPA&V) Methodology
- Security Assessment Report (SAR) Methodology
- Enterprise Security Control Assessment (SCA) Lifecycle Methodology