“I think with any metric, the FedRAMP program has been viewed as...."
Listen to this edition of Reimagining Cyber EXTRA and find out what Rob and Stan think about FedRAMP.
Firstly, what is it?!
“[FedRAMP’s] whole purpose is to provide a standardized government-wide approach to security assessment, authorization, and continuing monitoring of cloud products and services used by the federal government agencies.”
Plus:
- FedRAMPs codification into law via the National Defense Authorization Act (NDAA)
- Action to making the process easier for vendors and agencies.
- Establishment of the Federal Secure Cloud Advisory Committee – what is it, what’s it for?
- Why does the NDAA not make vendors provide a SBOM? Will this change?
“The crystal ball is if you are a software supplier to the government, you have to be prepared in the future to be able to provide this kind of inventory of components that make up your software build. It's important to be able to react quickly to zero-days, to be able to understand what your software consists of to be able to mitigate open source security issues and risks”
- Microsoft share how they manage supply chain risks with the Secure Supply Chain Consumption Framework (S2C2F). What does the OpenSSF think of it?
“Everything that we're talking about in cyber always somehow turns itself back around to the software. The software supply chain is the common theme that we heard through last year. It's not going to slow down this year.”
- The rise of APIs (application programming interface) as an attack surface
As featured on Million Podcasts'
Best 100 Cybersecurity Podcasts
Top 50 Chief Information Security Officer CISO Podcasts
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
Fler avsnitt av Reimagining Cyber - real world perspectives on cybersecurity
Visa alla avsnitt av Reimagining Cyber - real world perspectives on cybersecurityReimagining Cyber - real world perspectives on cybersecurity med Reimagining Cyber finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.