All Episodes

Episode 20 — Establish Configuration Management Plan

A Configuration Management (CM) Plan defines how changes are proposed, evaluated, approved, implemented, and verified so that security commitments remain intact as the...

Episode 21 — Develop the Incident Response Plan

An effective Incident Response (IR) Plan ensures that security events are detected, analyzed, contained, and reported in compliance with FedRAMP timelines and agency c...

Episode 22 — Build Contingency and Disaster Recovery

Contingency and Disaster Recovery (DR) planning ensures mission continuity when systems or facilities fail. This episode defines how FedRAMP expects providers to docum...

Episode 23 — Quick Recap: SSP Essentials

This recap consolidates what you have learned about building and maintaining a System Security Plan (SSP) that supports credible assessment and ongoing compliance. We ...

Episode 24 — Complete the Privacy Threshold Analysis

The Privacy Threshold Analysis (PTA) determines whether a system collects, processes, or stores personally identifiable information (PII) and, if so, whether a deeper ...

Episode 25 — Produce a Privacy Impact Assessment

A Privacy Impact Assessment (PIA) extends the PTA by analyzing how personal data is collected, used, shared, and protected throughout a system’s lifecycle. This episod...

Episode 26 — Align With Digital Identity Guidance

Digital identity choices shape how users enroll, authenticate, and obtain tokens that protect federal data, so FedRAMP reviewers expect clear alignment to NIST digital...

Episode 27 — Craft Rules of Behavior Statements

Rules of Behavior (RoB) turn security obligations into explicit user commitments that agencies can accept and enforce. This episode describes how to write RoB statemen...

Episode 28 — Compile Asset and Software Inventories

Complete, accurate inventories are the backbone of scanning, configuration management, and incident response. This episode explains how to compile hardware, virtual in...

Episode 29 — Prepare the Control Summary Table

The Control Summary Table (CST) gives reviewers a concise, at-a-glance view of implementation status, inheritance claims, testing results, and open risk for each contr...

Episode 30 — Enforce FIPS-Validated Cryptography

FedRAMP requires cryptography that is validated under the Federal Information Processing Standards (FIPS) program, so you must demonstrate that every cryptographic fun...

Episode 31 — Address Multi-Tenant Isolation Controls

Multi-tenancy introduces complexity and risk because different customers share infrastructure while maintaining strict data and process separation. This episode explai...

Episode 32 — Secure Key Management and KMS

Key management underpins all cryptographic operations, and FedRAMP reviewers expect a clear, auditable key lifecycle. This episode defines the phases of key management...

Episode 33 — Quick Recap: Privacy and Attachments

This recap brings together the privacy documentation and supporting attachments required for a complete and credible FedRAMP package. We review the chain from the Priv...

Episode 34 — Plan the Security Assessment

Every FedRAMP authorization depends on a well-planned security assessment that verifies implementation and effectiveness of required controls. This episode explains ho...

Episode 35 — Define Scope and Assumptions

Clear scoping defines what will be tested, how, and under which constraints—preventing confusion that delays authorization. This episode explains how to delineate in-s...

Episode 36 — Select Effective Assessment Methods

Choosing the correct assessment method for each control—interview, examine, or test—determines whether results will be credible and reproducible. This episode explains...

Episode 37 — FedRAMP Acronyms: Quick Audio Reference

Acronyms condense complex ideas into shorthand, but they become obstacles if listeners cannot expand them reliably during an assessment or exam scenario. This episode ...

Episode 38 — Set Clear Rules of Engagement

Rules of Engagement (ROE) define the conditions under which assessment activities occur, protecting production stability while enabling thorough verification. This epi...

Episode 39 — Design Sampling and Coverage

Sampling determines how much of your environment must be examined or tested to form a reliable conclusion without exhaustive effort. This episode explains how to desig...