
Cloud Safe Task Force: Reciprocity and ATO Process Reengineering
November 13, 2024, 1:00 PM – 4:35 PM ET
Event Overview
Consistent with its Recommendation Roadmap, the Cloud Safe Task Force (CSTF) is meeting on November 13th to address Authorization-to-Operate (ATO) reciprocity in cloud security practices. The meeting, entitled “Reciprocity and ATO Process Reengineering,” is structured to engage industry and government stakeholders in identifying the challenges and solutions for achieving “Reciprocity-at-Scale”. The cost of security assessment and authorization (A&A) practices in the Cloud Services industry has become an impediment to technological innovation, dissuading service upgrades and creating a barrier to small business entry. Today, many Cloud Service Providers (CSPs) must demonstrate compliance with multiple control frameworks specific to market sector and international boundaries. As a result, a single cybersecurity control could be assessed multiple times, creating costs without improvements in security. While reciprocity in A&A is not a new objective, it continues to present challenges for industry, and the US Government has renewed its focus on the objective through recent actions including the 2023 National Defense Authorization Act (NDAA) FedRAMP Authorization Act, the DoD Reciprocity Playbook, and the M-24-15 FedRAMP Modernization memo. Join us as we collaborate to define a Whole-of-Nation approach to solving issues preventing reciprocity in A&A for Cloud Security.

Join the CSA-DC Chapter Cloud Safe Collaborators Meetup at the Archer Hotel, Tysons Corner from 6:00-8:00 PM ET.
1:00 PM
Opening Remarks & Agenda

Cedric Sims
Senior Vice President of Enterprise Innovation and Integration, MITRE
1:05 PM
Fireside Chat: State of Cloud Security – Understanding the Burden of Compliance

Dr. Mari Spina
Senior Principal Cyber Security Engineer, MITRE

John Weiler
Chief Executive Officer, IT Acquisition Advisory Council

John Bergin
Director of Federal, Microsoft Digital Security and Risk, Microsoft

John Yeoh
Global Vice President of Research, Cloud Security Alliance

Katy Warren
Senior Principal and Department Manager, MITRE

Moderator: David Powner
Executive Director, Center for Data-Driven Policy, MITRE
1:25 PM
Keynote

Chris DeRusha
Director of Global Public Sector Compliance, Google, and former Federal CISO
1:45 PM
Break
1:50 PM
Panel #1: Challenges with Cloud Security Reciprocity

Michael Carter
Managing Partner/Co-Founder, Fortreum, LLC

John Bergin
Director of Federal, Microsoft Digital Security and Risk, Microsoft

Brian Conrad
Director of Global Compliance, Zscaler, and former FedRAMP Director

Steve Derr
Vice President, Cloud Operations & Engineering, Oracle

Matt Hungate
Director, CISSP, CPA, CISA, Schellman

Co-moderator: John Weiler
Chief Executive Officer, IT Acquisition Advisory Council

Co-Moderator: Dr. Mari Spina
Senior Principal Cyber Security Engineer, MITRE
3:10 PM
Break
3:20 PM
Panel #2: Recommendations for Harmonization and Reciprocity

Michele Iversen
Former Director of Cybersecurity Risk Integration, U.S. Department of Defense CIO

Chris DeRusha
Director of Global Public Sector Compliance, Google, and former Federal CISO

Hazem Eldakdoky
AWS Security Assurance US Federal Civilian Lead

Rajeev Karamchedu
Director of Enterprise, Fortreum

David Vaughn
Sr. Cloud Security Engineer, DISA

Co-moderator: John Yeoh
Global Vice President of Research, Cloud Security Alliance

Co-moderator: Katy Warren
Senior Principal and Department Manager, MITRE
4:40 PM
Closing Remarks

Katy Warren
Senior Principal and Department Manager, MITRE

Moderator: David Powner
Executive Director, Center for Data-Driven Policy, MITRE

Co-Moderator: Dr. Mari Spina
Senior Principal Cyber Security Engineer, MITRE

