CalCloud Security Measures and Compliance Overview
"Explore how OTech CalCloud ensures operational and compliance requirements, including FedRAMP controls, security policies, and key elements for a secure infrastructure. Learn about their tiered security model, encryption practices, and stringent access controls. Discover how CalCloud prioritizes data protection and regulatory adherence for a robust security framework."
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
OTech CalCloud Security General Meets the operational and compliance requirements of the State SAM/SIMM NIST FedRAMP v2 Other necessary regulatory controls January 20, 2016 1
OTech CalCloud IaaS Security Policy Pyramid State Policy Dept. of Technology Policy Data Center Standards Customer Policy CalCloud Standards CalCloud Customer Application January 20, 2016 2
OTech CalCloud IaaS Security Controls A formal security control program is in place (FedRAMP V2) ~325 FedRAMP controls assessed against 25+ domains Compliance support to other authorities available; applicable to infrastructure controls only CalCloud security controls can be shared with customer security personnel under strict controls and agreements January 20, 2016 3
OTech CalCloud IaaS Security Stack CalCloud tiered security model Workload Specific Security (HIPAA) Workload Specific Security (PCI DSS) Workload Specific Security (IRS 1075) Workload Specific Security (SSA) Workload Specific Security (other) The Federal Risk and Authorization Management Program (FEDRAMP V2 Includes NIST 800-53 Rev 4) IBM + California Dept of Technology Security Controls (ISeC) (CalCloud Information Security Controls) Base Level Security Profile Hosted inside the California Department of Technology s data centers and protected by firewall(s) January 20, 2016 4
OTech CalCloud IaaS Security Key Elements Encrypted Cloud Border Security Admin Access Only from Territorial U.S. Two-Factor Authenticated Sessions Log of All Administrative Actions Least Privilege and Separation of Duties Practice Data are Property of the State Infrastructure Hardening Coordinated Security Incident Handling Vendor(s) Background Checked Encryption at Rest (Option) Coordinated Change Control Security Awareness Training Including IRS Disclosure Strong Tenant Isolation Coordinated OS Patching No Shared Credentials Isolated Security Tiers (network) Configuration and Vulnerability Monitoring January 20, 2016 Controlled Administrative Access 5
