Cloudy With a Chance of Memos - podcast episode cover

Cloudy With a Chance of Memos

Jan 11, 202432 min
--:--
--:--
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

FedRAMP moderate “equivalency” has been a thing since 2016, but DoD never really defined the term until January 2024. “The memo” has defense suppliers and the people behind their cloud apps in panic mode. In this episode we dive into what the memo says, potential reasons why, and whether equivalency will still be a thing in the future at all.

Episode Links:

DFARS 7012: https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012

The memo (PDF): https://dodcio.defense.gov/Portals/0/Documents/Library/FEDRAMP-EquivalencyCloudServiceProviders.pdf

Equivalency circa 2018: https://www.nist.gov/news-events/events/2018/10/controlled-unclassified-information-security-requirements-workshop

FedRAMP: https://www.fedramp.gov/program-basics/

NIST SP 800-171r3: https://csrc.nist.gov/pubs/sp/800/171/r3/fpd

For the best experience, listen in Metacast app for iOS or Android