Introduction

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) with a specific focus on cloud computing environments; all aspects of the Federal Risk and Authorization Management Program (FedRAMP), with guidance on navigating the FedRAMP requirements and authorization process; and strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.

This updated edition will cover the latest changes to the FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Controls, which are based on NIST Special Publication 800-53 Revision 4, and coverage of maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.

Chapter 1 – Introduction to the federal cloud computing strategy

Chapter 2 – Cloud computing standards

Chapter 3 – A case for open source

Chapter 4 – Security and privacy in public cloud computing

Chapter 5 – Applying the NIST risk management framework

Chapter 6 – Risk management

Chapter 7 – Comparison of federal and international security certification standards

Chapter 8 – FedRAMP primer

Chapter 9 – The FedRAMP cloud computing security requirements

Chapter 10 – Security testing: vulnerability assessments and penetration testing

Chapter 11 – Security assessment and authorization: Governance, preparation, and execution

Chapter 12 – Strategies for continuous monitoring

Chapter 13 – Continuous monitoring through security automation

Chapter 14 – A case study for cloud service providers