About the Session

Federal regulations stipulate that information systems serving federal agencies must undergo a formal security assessment and accreditation process which is designed to ensure baseline information security requirements are met. There are two formalized accreditation standards: FISMA is the accreditation process for non-DoD agencies while DIACAP is pertinent to DoD agencies. Additionally there is a new standard which is meant to apply to cloud service providers: FedRAMP. The accreditation process can be a daunting task for firms whom develop web sites serving federal customers in the cloud. However, there is much benefit to an organization in achieving accreditation; these compliance standards are designed to ensure information systems and the organizations that support and operate them are secure and follow best practices. This session will focus on a review of the current US government compliance landscape, trends in the international government landscape, and a great deal of insight regarding our experience working with our customers in the federal space and obtaining accreditation for Drupal-based sites using a commercial cloud. Further, we will review how these standards are evolving internationally by talking about how NIST 800-53 fits within the global standards landscape including the ISO.

Case Study Examples

Two case studies will be presented:

• The Defense Security Cooperation Agency (DSCA) - an organization using a platform built on Drupal and hosted in a commercial cloud hosting facility. This organization will receive DIACAP accreditation in order to comply with DoD policy.
• A major non-DoD government organization that achieved FISMA certification for it's site built in Drupal and hosted in a commercial cloud hosting facility.