Federal Cloud Computing

1st Edition

The Definitive Guide for Cloud Service Providers

Authors: Matthew Metheny
Print ISBN: 9781597497374
eBook ISBN: 9781597497398
Imprint: Syngress
Published Date: 27th November 2012
Page Count: 448


This book addresses the basic concepts of Cloud Computing and the process that the Federal Government will use to ensure that Cloud Computing technologies meet the Federal requirements for Confidentiality, Integrity, and Availability.

Per the NIST: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models."

Per the Federal CIO Council: "The Federal Risk and Authorization Management Program or FedRAMP has been established to provide a standard approach to Assessing and Authorizing (A&A) cloud computing services and products. FedRAMP allows joint authorizations and continuous security monitoring services for Government and Commercial cloud computing systems intended for multi-agency use."

Table of Contents

Dedication 1

Dedication 2

About the Author

About the Technical Editor

Foreword by William Corrington

Foreword by Jim Reavis

Chapter 1. Introduction to the Federal Cloud Computing Strategy


A Historical View of Federal IT

Cloud Computing: Drivers in Federal IT Transformation

Decision Framework for Cloud Migration



Chapter 2. Cloud Computing Standards


Standards Development Primer

Cloud Computing Standardization Drivers

Identifying Standards for Federal Cloud Computing Adoption



Chapter 3. A Case for Open Source


Open Source and the Federal Government

OSS Adoption Challenges: Acquisition and Security

OSS and Federal Cloud Computing



Chapter 4. Security and Privacy in Public Cloud Computing


Security and Privacy in the Context of the Public Cloud

Federal Privacy Laws and Policies

Safeguarding Privacy Information

Security and Privacy Issues



Chapter 5. Applying the NIST Risk Management Framework

Introduction to FISMA

Risk Management Framework Overview

NIST RMF Process



Chapter 6. Risk Management

Introduction to Risk Management

Federal Information Security Risk Management Practices

Overview of Enterprise-Wide Risk Management

NIST Risk Management Process

Comparing the NIST and ISO/IEC Risk Management Processes



Chapter 7. Comparison of Federal and International Security Certification Standards


Overview of Certification and Accreditation

NIST and ISO/IEC Information Security Standards



© Syngress 2013

About the Author

Matthew Metheny

Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an Information Security Executive and Professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing. Mr. Metheny is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA’s enterprise-wide information security and risk management program, and cyber security operations. Prior to joining CSOSA, Mr. Metheny was employed at the US Government Publishing Office (GPO), where he led the Agency Governance, Risk Management, and Compliance (GRC) Program and served as the Agency subject matter expert for cloud security, responsible for evaluating service provider solutions against federal and industry security standards and integrating Agency and service provider security services. Mr. Metheny was the founder and instructor at CloudSecurityTraining.com, a business unit of One Enterprise Consulting Group, LLC, which was an approved training partner with the Cloud Security Alliance (CSA). He was also the Co-Chair for the CSA CloudTrust Protocol (CTP) Working Group, a Founding Member and Member of the Board of Directors for the CSA-DC Chapter, which was CSA’s Federal Cloud Center of Excellence, and a Founding Member of the OpenStack DC user group focused on expanding the knowledge of OpenStack within the Washington, DC metro area. Mr. Metheny received a Bachelor’s degree in Computer and Information Science from the University of Maryland University College and a Master’s degree in Information Assurance from the University of Maryland University College.

Affiliations and Expertise

Chief Information Security Officer and Director of Cyber Security Operations, Court Services and Offender Supervision Agency (CSOSA)