Follow the attach instructions to complete this work.
How does FedRAMP help agencies ensure that Digital Government services are secure?
Must post first.
Subscribe
The format for your week 3 discussion is a backgrounder (“briefing paper”). Background papers are summaries of issues provided to help decision-makers/leaders/managers make decisions. Decision-makers use summaries instead of (or in addition to) reading lengthy reports because the summaries only include the
pertinent facts and/or the bottom line – meaning each specific point stands alone in the context of the paper topic.
Prepare a set of discussion points (3 to 5 paragraphs) that address the following information request:
How does FedRAMP help agencies ensure the security of digital government services?
Your backgrounder (“briefing paper”) must address the following:
· What is meant by “Digital Government services?” (previously called “e-Government” services)
· FedRAMP (what it is, how agencies use FedRAMP to deliver Digital Services, and how FedRAMP contributes to improved security for Digital Services)
· Additional strategies for improving privacy and security (Play #11) from the Federal CIO Council’s
Digital Services Playbook (“Manage security and privacy through reusable processes”) — make sure that you address the “Checklist” and “Key Questions”
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
Read these
Notes
Securing Digital Government Programs & Services
Topic: Securing Digital Government Programs & Services
This week, we begin by considering the federal government’s strategies (see Digital Services Playbook (Federal CIO Council) in the course content) for digital government:
1. Understand what people need
2. Address the whole experience, from start to finish
3. Make it simple and intuitive
4. Build the service using agile and iterative practices
5. Structure budgets and contracts to support delivery
6. Assign one leader and hold that person accountable
7. Bring in experienced teams
8. Choose a modern technology stack
9. Deploy in a flexible hosting environment
10. Automate testing and deployments
11. Manage security and privacy through reusable processes
12. Use data to drive decisions
13. Default to open [data]
These
digital government strategies depend upon the security of the federal IT systems and software that agencies will use to implement their provisions. The President and his cabinet (heads of federal departments and agencies) are responsible for setting policy to implement laws that authorize and require the activities necessary to ensure the security of these systems and services. (In Week 1, you reviewed the May 2021 guidance from the White House — Executive Order 14028.) The National Institute of Standards and Technology (NIST) carries primary responsibility for researching and publishing information security standards and guidance for the federal government’s agencies, departments, and contractors. These publications, including the 800 series Special Publications, are widely used throughout the world by governments, businesses, and treaty organizations.
The Federal Information Security Management Act (FISMA) lays the foundational requirements for securing all federal IT systems and the implementing guidance developed and published by the National Institute of Standards and Technology, as directed in the FISMA legislation. Important implementation guidance documents include: FIPS 199, FIPS 200, NIST Cybersecurity Framework, NIST SP 800-30, NIST SP 800-37, and NIST SP 800-53. You should be aware of the contents of each of these documents.
NIST SP 800-30 (conducting risk assessments) and NIST SP-800-37 (applying the risk management framework) are summarized and discussed in the Certified Authorization Professional (CAP CBK) book used in this course. As noted in Week 1, the CAP CBK content is based upon revision 1 of NIST SP-800-37. The current version (V2) is included in this week’s readings so that you can become familiar with the current Risk Management Framework and associated guidance.
The federal government’s Digital Government strategies emphasize the use of Cloud Services and cloud services providers in preference to enterprise IT data centers operated by individual departments and agencies. The Federal Government’s FedRAMP program provides guidance to departments and agencies for the acquisition and operation of cloud services. This guidance works in concert with the NIST guidance for securing government information systems and services. The readings this week provide an introduction to this important cross-agency program.
