In this episode of The ITSM Practice Podcast, we explore what FISMA really means for midsize, cloud-native security teams. Using real-world scenarios, we explain why FISMA was built for federal systems, where it clashes with cloud responsibility models, and how a risk-based adoption strengthens governance without falling into compliance theatre.
In this episode, we answer:
Do FISMA controls apply to cloud-native and SaaS-based environments?
How can midsize companies use FISMA without full federal-style compliance?
Why is risk-based adoption more effective than checklist compliance in the cloud?
Resources Mentioned in this Episode:
CISA website, Federal Information Security Modernization Act page, link https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act
NIST website, NIST Special Publication 800-53, link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
Secureframe website, article "FISMA Compliance: What It Is and How to Achieve It", link https://secureframe.com/hub/nist-800-53/fisma-compliance
Security Compass website, article "ISO 27001 vs NIST 800-53", link https://www.securitycompass.com/blog/iso-27001-vs-nist-800-53/
Connect with me on:
LinkedIn: https://www.linkedin.com/in/theitsmpractice/
Website: http://www.theitsmpractice.com
And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.
Credits:
Sound engineering by Alan Southgate - http://alsouthgate.co.uk/
Graphics by Yulia Kolodyazhnaya
By Luigi Ferri