Cloud Safe Task Force: Reciprocity and ATO Process Reengineering

Name: Cloud Safe Task Force: Reciprocity and ATO Process Reengineering
Start: 2024-11-13T13:00:00-05:00
End: 2024-11-13T16:30:00-05:00
Location: Virtual

November 13, 2024, 1:00 PM – 4:35 PM ET

Register

Event Overview

Consistent with its Recommendation Roadmap, the Cloud Safe Task Force (CSTF) is meeting to address Authorization-to-Operate (ATO) Reciprocity in cloud security practices on November 13^th. The meeting, entitled “Reciprocity and ATO Process Reengineering” is structured to engage industry and government stakeholders in identifying the challenges and solutions for achieving “Reciprocity-at-Scale”. Operating to dissuade service upgrades and create a barrier to small business entry, the cost of security assessment and authorization (A&A) practices in the Cloud Services industry has become an impediment to technological innovation. Today, many Cloud Service Providers (CSPs) must demonstrate compliance to multiple control frameworks specific to market sector and international boundaries. As a result, a single cybersecurity control could be assessed multiple times creating costs without improvements in security. While reciprocity in A&A is not a new objective, it continues to present challenges for industry and the US Government has renewed is focus to address the objective through recent actions including the 2023 National Defense Authorization Act (NDAA) FedRAMP Authorization Act, DoD Reciprocity Playbook, and M-24-15 FedRAMP Modernization memo. Join us as we collaborate to define a Whole-of-Nation approach to solving issues preventing reciprocity in A&A for Cloud Security.

}

1:00 PM

Opening Remarks & Agenda

David Powner

Executive Director, Center for Data-Driven Policy, MITRE

}

1:05 PM

Fireside Chat: State of Cloud Security – Understanding the Burden of Compliance

Dr. Mari Spina

Senior Principal Cyber Security Engineer, MITRE

John Weiler

Chief Executive Officer, IT Acquisition Advisory Council

John Bergin

Director of Federal, Microsoft Digital Security and Risk, Microsoft

John Yeoh

Global Vice President of Research, Cloud Security Alliance

Moderator: David Powner

Executive Director, Center for Data-Driven Policy, MITRE

}

1:25 PM

Panel #1: Challenges with Harmonizing Cloud Implementations

Michael Carter

Managing Partner/Co-Founder, Fortreum, LLC

John Bergin

Director of Federal, Microsoft Digital Security and Risk, Microsoft

Chris DeRusha

Director of Global Public Sector Compliance, Google (Pending Agency Approval)

Steve Derr

Vice President, Cloud Operations & Engineering, Oracle

Co-moderator: John Weiler

Chief Executive Officer, IT Acquisition Advisory Council

Co-Moderator: Dr. Mari Spina

Senior Principal Cyber Security Engineer, MITRE

}

2:55 PM

Break

}

3:05 PM

Panel #2: Recommendations for Harmonization and Reciprocity

Co-moderator: John Yeoh

Global Vice President of Research, Cloud Security Alliance

Co-moderator: Katy Warren

Senior Principal and Department Manager, MITRE

}

4:35 PM

Closing Remarks

Register Here

By submitting this form you acknowledge receipt of and consent to ATARC’s Privacy Policy For further information, please review our complete Privacy Policy. By registering for this event you agree to receive event reminders via email, text, and/or phone call communications.

Past Cloud Safe Task Force Insights

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices. Allowing for individuals from all areas of government, industry and academia to communicate directly.

*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org. Program Level: Overview, no prerequisites required. Advance preparation: none. Delivery Method: Group Live. Field of Study: Information Technology. Registration #140762. In accordance with the standards of the National Registry of CPE Sponsors, CPE credits have been granted based on a 50-minute hour. Refund, cancellation and complaint resolution policy.