The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This Office of Technology Assessment (OTA) report was requested by the Senate Committee on Governmental Affairs and the House Subcommittee on Telecommunications and Finance. The report begins with background information and an overview of the current situation, a statement of the problems involved in safeguarding unclassified networked information, and a summary of policy issues and options. The major part of the report is then devoted to detailed discussions of policy issues in three areas: (1) cryptography policy, including federal information processing standards and export controls; (2) guidance on safeguarding unclassified information in federal agencies; and (3) legal issues and information security, including electronic commerce, privacy, and intellectual property. Appendices include Congressional letters of request; the Computer Security Act and related documents; evolution of the digital signature standard; and lists of workshop participants, reviews, and other contributors. An index is provided. A separately published eight-page OTA Report Summary is included. (JLB).

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis. This updated edition will cover the latest changes to FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing. - Provides a common understanding of the federal requirements as they apply to cloud computing - Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) - Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization

Update of the 1994 report "Information Security and Privacy in Network Environments". Updates and develops issues in three areas: national cryptography policy, guidance on safeguarding unclassified information in federal agencies, and legal issues and information security, including electronic commerce, privacy, and intellectual property. Appendix includes: U.S. Export Controls on Cryptography, and Federal Information Security and the Computer Security Act. Charts and tables.