United States Cybersecurity and Privacy Resources
Federal Level
Recent Updates
- New! NSA Releases Top Ten Cloud Security Mitigation Strategies (March 7th, 2024)
- New! NIST Releases Version 2.0 of Landmark Cybersecurity Framework (Feb 26th, 2024)
Consumer Protection
Financial Services
- Sarbanes-Oxley Act: Prevents corporate fraud by setting strict regulatory mandates for how organizations protect financial records from tampering and by making auditors more independent from their clients.
- PCI DSS v4.0: Set of security policies that protect credit and payment card data and transactions.
FedRAMP
Resources for Cloud Service Providers (Offer your cloud services to the federal government)
- CSP Authorization Playbook: Gives Cloud Service Providers (CSPs) initiating FedRAMP onboarding a comprehensive understanding of crafting an authorization strategy, the various authorization categories, and key factors for their Cloud Service Offerings (CSOs) when engaging with FedRAMP.
- FedRAMP Security Controls Baseline: Provides the catalog of FedRAMP High, Moderate, Low, and Tailored Low Impact Software-as-a-Service (Li-SaaS) baseline security controls, along with additional guidance and requirements.
Resources for Federal Agencies (Adopt innovative cloud services to meet your agency’s mission needs)
- Agency Authorization Playbook: Provides agencies with step-by-step guidance, best practices, and tips to successfully implement the FedRAMP Agency Authorization process.
- Reusing Authorizations for Cloud Products Quick Guide: Steps and guidance to help agencies quickly and efficiently reuse authorized cloud products within the FedRAMP Marketplace.
- FedRAMP Package Access Request Form: Form for any federal agency seeking to use a CSO that is already FedRAMP Authorized.
Resource for Assessors (3PAOs evaluate cloud security for federal authorization, guiding risk-based decisions via assessments like the RAR and SAP)
Other resources
- Continuous Monitoring Strategy Guide: Guidance on providing periodic security deliverables to all agency customers.
- Penetration Test Guidance: Requirements for organizations conducting a FedRAMP penetration test.