Nurture FedRAMP compliance CoP - Githubissues

cloud-gov / product

Program-level artifacts, workflow and issues for cloud.gov

Creative Commons Zero v1.0 Universal

31 stars 15 forks source link

Nurture FedRAMP compliance CoP #2690

Closed pburkholder closed 10 months ago

pburkholder commented 1 year ago

In order to grow and establish the CoP established in #2671, we want to:

Formalize membership criteria
Document how we manage it at in a Runbook
Kick off some conversations. Potential topics:
- How to accelerate SSP publishing from submission to the "approved" package?
- How have other CSPs managed streamlining SCRs?
- How does one address the SC-13 variance guidelines on what's "acceptable"?
- Since FedRAMP® has admitted there are FIPS 140 conversations happening, do other CSPs have FIPS comments to submit that cloud.gov can forward to FedRAMP?
- Tip: How to change your annual assessment due date
- What happens if you miss the 9/1 rev5 date.

Security considerations

The content of this issue seems OK to be public. 2. The info we share on the maillist should be considered potentially public (FOIAble, or malicious subscribers). So far, so good.

pburkholder commented 10 months ago

The CoP is humming along nicely. I'll continue to own the CoP while on detail. When I come back it may be time to further formalize the CoP.