Sign up to save your podcasts
Or
Share EXTRA: Fedramp, Software Supply Chain Guidance & API Security - New Year Updates!
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EXTRA: Fedramp, Software Supply Chain Guidance & API Security - New Year Updates!
“I think with any metric, the FedRAMP program has been viewed as...."
Listen to this edition of Reimagining Cyber EXTRA and find out what Rob and Stan think about FedRAMP.
Firstly, what is it?!
“[FedRAMP’s] whole purpose is to provide a standardized government-wide approach to security assessment, authorization, and continuing monitoring of cloud products and services used by the federal government agencies.”
Plus:
- FedRAMPs codification into law via the National Defense Authorization Act (NDAA)
- Action to making the process easier for vendors and agencies.
- Establishment of the Federal Secure Cloud Advisory Committee – what is it, what’s it for?
- Why does the NDAA not make vendors provide a SBOM? Will this change?
“The crystal ball is if you are a software supplier to the government, you have to be prepared in the future to be able to provide this kind of inventory of components that make up your software build. It's important to be able to react quickly to zero-days, to be able to understand what your software consists of to be able to mitigate open source security issues and risks”
- Microsoft share how they manage supply chain risks with the Secure Supply Chain Consumption Framework (S2C2F). What does the OpenSSF think of it?
“Everything that we're talking about in cyber always somehow turns itself back around to the software. The software supply chain is the common theme that we heard through last year. It's not going to slow down this year.”
- The rise of APIs (application programming interface) as an attack surface
View all episodes
By Reimagining Cyber
5
1919 ratings
“I think with any metric, the FedRAMP program has been viewed as...."
Listen to this edition of Reimagining Cyber EXTRA and find out what Rob and Stan think about FedRAMP.
Firstly, what is it?!
“[FedRAMP’s] whole purpose is to provide a standardized government-wide approach to security assessment, authorization, and continuing monitoring of cloud products and services used by the federal government agencies.”
Plus:
- FedRAMPs codification into law via the National Defense Authorization Act (NDAA)
- Action to making the process easier for vendors and agencies.
- Establishment of the Federal Secure Cloud Advisory Committee – what is it, what’s it for?
- Why does the NDAA not make vendors provide a SBOM? Will this change?
“The crystal ball is if you are a software supplier to the government, you have to be prepared in the future to be able to provide this kind of inventory of components that make up your software build. It's important to be able to react quickly to zero-days, to be able to understand what your software consists of to be able to mitigate open source security issues and risks”
- Microsoft share how they manage supply chain risks with the Secure Supply Chain Consumption Framework (S2C2F). What does the OpenSSF think of it?
“Everything that we're talking about in cyber always somehow turns itself back around to the software. The software supply chain is the common theme that we heard through last year. It's not going to slow down this year.”
- The rise of APIs (application programming interface) as an attack surface
More shows like Reimagining Cyber - real world perspectives on cybersecurity
View all
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
627 Listeners
CyberWire Daily
1,006 Listeners
Modern War Institute
766 Listeners
Smashing Security
310 Listeners
Click Here
406 Listeners
Malicious Life
926 Listeners
Darknet Diaries
7,876 Listeners
Cybersecurity Today
167 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners