Talking Points:
How does FedRAMP help agencies ensure that Digital Government services are secure?
For this discussion you must:
Create an MS Word document containing your “short paper” (response) for the discussion topic. Use MS Word to spell check and grammar check your work.
The format for your week 3 discussion is a Talking Points Paper.
Talking points help decision-makers/leaders/managers make decisions. Decision-makers use talking points instead of (or in addition to) reading lengthy reports because the talking points only include the pertinent facts and/or the bottom line – meaning each talking point stands alone in the context of the paper topic.
Prepare a set of talking points (3 to 5 paragraphs or 5 categories / 20-25 bullet points total) that address the following information request:
How does FedRAMP help agencies ensure the security of digital government services?
Your talking points must address the following:
What is meant by “Digital Government services?” (previously called “e-Government” services)
FedRAMP (what it is, how agencies use FedRAMP to deliver Digital Services, and how FedRAMP contributes to improved security for Digital Services)
Additional strategies for improving privacy and security (Play #11) from the Federal CIO Council’s Digital Services Playbook (“Manage security and privacy through reusable processes”) — make sure that you address the “Checklist” and “Key Questions”
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
Note: this assignment asks for paragraphs (including full sentences), not short phrases. Thus, each talking point should have at least one full sentence.
You may use Bullets or Number to identify each distinct talking point. In most cases, each of your talking points will be multiple sentences to ensure you explain the point.
Week Overview:
Topic: Securing Digital Government Programs & Services
This week, we begin by considering the federal government’s strategies (https://playbook.cio.gov/) for digital government:
Understand what people need
Address the whole experience, from start to finish
Make it simple and intuitive
Build the service using agile and iterative practices
Structure budgets and contracts to support delivery
Assign one leader and hold that person accountable
Bring in experienced teams
Choose a modern technology stack
Deploy in a flexible hosting environment
Automate testing and deployments
Manage security and privacy through reusable processes
Use data to drive decisions
Default to open [data]
These digital government strategies depend upon the security of the federal IT systems and software that agencies will use to implement their provisions. The President and his cabinet (heads of federal departments and agencies) are responsible for setting policy to implement laws that authorize and require the activities necessary to ensure the security of these systems and services. In 2017, the President issued Presidential Executive Order 13800 (“Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” ATTACHED) to provide updated security requirements and implementation guidance to federal departments and agencies.
Digital Government applications depend upon Web Applications for delivery of information and services. Web Application architectures did not originally consider security when first designed. As a result, there are many vulnerabilities inherent in the basic Web architecture. The Web Applications Architectures and Security document ATTACHED discusses the basic architecture and most commonly encountered vulnerabilities in web architectures.
Cloud Services have become the predominant delivery model for Web-based services. The federal government developed the FEDRAMP program to help agencies transition to cloud-based delivery models in a secure and cost-effective manner. The readings this week include several resources that can help you learn more about FEDRAMP and cloud security. (Read Part IV Chapter 13: Data Backups and Cloud Computing in The InfoSec Handbook ATTACHED). https://www.fedramp.gov/program-basics/ https://www.fedramp.gov/federal-agencies/
Finally, the Federal Information Security Management Act (FISMA) lays the foundational requirements for securing all federal IT systems and the implementing guidance developed and published by the National Institute of Standards and Technology, as directed in the FISMA legislation. Four important implementation guidance documents are FIPS 199, FIPS 200, NIST Cybersecurity Framework, and NIST SP 800-53. ATTACHED.
