VMware SDDC Product Applicability Guide for

Transcription

FedRAMP, v 1.0

February, 2014

v1.0

TECHNICAL GUIDE

This is the first document in the Compliance Reference Architecture for FedRAMP. You can find more information on the Framework and download the additional documents from the VMware FedRAMP Compliance Resources on VMware Solution Exchange.

DESIGN GUIDE / 2

n a provisional Authorization To Operate (p-ATO) after undergoing an independent third date platforms, and providing P es on a system by ware vCloud t applications in a FedRAMP ted its Audit Partners such as Coalfire, a FedRAMP e from the

SP 800 of their enterprise prised of four VMware Product Suites FedRAMP is based on the NIST SP 800 (NIST SP 800 s expected to be released later in 2014.

Due to the commonalities of the VMware products and features across all of the Cloud Use Cases, understanding ed in this document with more Use Case specific guidance represented in the Architecture Design Guide. Regardless of the Use Case or operating environment model the FedRAMP control areas represent a broad-based, balanced, information security program that addresses the management, operational, and technical aspects of protecting federal information and information systems. The management, operational, and technical controls (i.e., safeguards or countermeasures) ). The management controls focus on the management of risk and the management of information system security. The technical security controls are implemented and executed primarily by the information system through set of well th in the Continuous Diagnostics

hnical FedRAMP

re 3: VMware a single Provisional Authorization (p e assess the hosting infrastructure on a per a FedRAMP ined in the NIST SP 800 00 Baseline

ronments

800 an satisfy the breadth and depth of security requirements levied on information systems and organizations and that is consistent with trols provided in Special Publication 800 s of the controls in satisfying their stated security requirements. The security controls in the catalog facilitate the development istent and repeatable manner—thus contributing to the organization’s confidence that there is ongoing compliance with its stated security requirements.

The NIST 800 catalog; (ii) security control baselines; (iii) the identification and use of common security controls; (iv) security controls in external environments; (v) and baseline controls.

Security controls described in this publication have a well-defined organization and structure. For ease of use in the security control selection and specification process, controls are organized into eighteen families. Each security control family contains security controls related to the security functionality of the family. In addition, there are three cs of cloud computing on network access, and measured services cies to use cloud-based solutions whenever a secure, reliable, cost olicy Memo) to provide a cost-effective, risk hem.

The purpose of FedRAMP is to: ormation security; nagement costs; and Enable rapid and cost (DOD),

VMWARE PRODUCT AVAILABILITY GUIDE FOR FEDRAMP

VMware SDDC Product Applicability Guide for FedRAMP, v 1.0

February, 2014

v1.0

TECHNICAL GUIDE

This is the first document in the Compliance Reference Architecture for FedRAM