Cloud Safe Task Force: Reciprocity and ATO Process Reengineering
November 13, 2024, 1:00 PM – 4:35 PM ET
Event Overview
Consistent with its Recommendation Roadmap, the Cloud Safe Task Force (CSTF) is meeting on November 13th to address Authorization-to-Operate (ATO) Reciprocity in cloud security practices. The meeting, entitled “Reciprocity and ATO Process Reengineering,” is structured to engage industry and government stakeholders in identifying the challenges and solutions for achieving “Reciprocity-at-Scale”. The cost of security assessment and authorization (A&A) practices in the Cloud Services industry has become an impediment to technological innovation: it dissuades service upgrades and creates a barrier to small business entry. Today, many Cloud Service Providers (CSPs) must demonstrate compliance with multiple control frameworks specific to market sector and international boundaries. As a result, a single cybersecurity control could be assessed multiple times, creating costs without improvements in security. While reciprocity in A&A is not a new objective, it continues to present challenges for industry, and the US Government has renewed its focus on the objective through recent actions including the 2023 National Defense Authorization Act (NDAA) FedRAMP Authorization Act, DoD Reciprocity Playbook, and M-24-15 FedRAMP Modernization memo. Join us as we collaborate to define a Whole-of-Nation approach to solving issues preventing reciprocity in A&A for Cloud Security.
1:00 PM
Opening Remarks & Agenda
David Powner
Executive Director, Center for Data-Driven Policy, MITRE
1:05 PM
Fireside Chat: State of Cloud Security – Understanding the Burden of Compliance
Dr. Mari Spina
Senior Principal Cyber Security Engineer, MITRE
John Weiler
Chief Executive Officer, IT Acquisition Advisory Council
John Bergin
Director of Federal, Microsoft Digital Security and Risk, Microsoft
John Yeoh
Global Vice President of Research, Cloud Security Alliance
Moderator: David Powner
Executive Director, Center for Data-Driven Policy, MITRE
1:25 PM
Panel #1: Challenges with Harmonizing Cloud Implementations
Michael Carter
Managing Partner/Co-Founder, Fortreum, LLC
John Bergin
Director of Federal, Microsoft Digital Security and Risk, Microsoft
Chris DeRusha
Director of Global Public Sector Compliance, Google (Pending Agency Approval)
Steve Derr
Vice President, Cloud Operations & Engineering, Oracle
Co-moderator: John Weiler
Chief Executive Officer, IT Acquisition Advisory Council
Co-moderator: Dr. Mari Spina
Senior Principal Cyber Security Engineer, MITRE
2:55 PM
Break
3:05 PM
Panel #2: Recommendations for Harmonization and Reciprocity
Co-moderator: John Yeoh
Global Vice President of Research, Cloud Security Alliance
Co-moderator: Katy Warren
Senior Principal and Department Manager, MITRE
4:35 PM
Closing Remarks