Assume that you are the Chief Compliance Officer for Claudius-Cloud, Inc., a cloud service provider. You are currently working on your FedRAMP policies and procedures. The board of directors has asked you to write a memo explaining the policies and procedures set forth in the FedRAMP System Security Plan (SSP) High Baseline Template.
In particular, the board has asked you to:
• Explain in 1 page the purpose of the following four general types of policies and procedures set forth in the FedRAMP System Security Template:
o Access Control
o Identification and Authentication
o Physical Environment and Protection, and
o Risk Assessment (including in particular Vulnerability Scanning.
• In 3 pages of your memo, you have been asked to describe 2 specific policies and procedures from EACH of those four categories listed above (Access Control, Identification and Authentication, Physical Environment and Protection, and Risk Assessment). In describing these 8 total policies and procedures, you the board has asked you to:
o Explain how they work
o Explain why you believe these specific policies and procedures have been included in the FedRAMP required policies and procedures
o Describe why these policies and procedures are of particular relevance to cloud computing, and
o Explain why you believe particular policies and procedures have been labeled as they have