NIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution
October 2018
Dr. Michaela Iorga
NIST
A Triple Inflection Point Marked A New IT Era
Today’s Challenges
Making the correct choice for your business (SaaS, PaaS or IaaS?);
Understanding the complexity of the Information Systems, especially cloud-based solutions;
Risk Management is a few orders of magnitude more complex;
Loss of control (trust issues not security issues, data owner & data custodian),
Vendor’s transparency,
Security and Compliance,
Regulatory Frameworks are burdensome,
Security Vulnerabilities are everywhere,
Availability, Resilience and Reliability,
System updates trigger documentation (SSP) to become outdated.
The Master Keys of the Cloud Kingdom: the 3Ts
Transparency
Traceability
Trust
Figure labels: User-data Boundary (appears twice)
THE TRUST BOUNDARY
RMF for the Cloud Ecosystem (RMF4CE) (a global view)
Layers Managed by Consumer
Layers Managed by Provider
Provider’s RMF
Consumer’s RMF
RMF4CE
CONSUMER’S LEVEL OF CONTROL IN A CLOUD ECOSYSTEM
RMF4CE
RMF consumer
RMF provider
Stack - image source: Cloud Security Alliance specification, 2009
THE CLOUD-BASED SYSTEM’S BOUNDARIES
Authorization Boundaries
RMF4CE Cloud Ecosystem
Consumer’s Global View
ONGOING MONITORING OF CONSUMER’S CONTROLS
IMPACT ANALYSIS
SYSTEM CATEGORIZATION
STEP 1:
IDENTIFY & SELECT CAPABILITIES
TAILOR & SUPPLEMENT CONTROLS
STEP 2:
DEVELOP SECURITY PLAN
ASSESS SECURITY CONTROLS MANAGED BY PROVIDER
STEP 3:
IMPLEMENT SECURITY CONTROLS UNDER CONSUMER’S MANAGEMENT
STEP 4:
AUTHORIZE CLOUD-BASED INFORMATION SYSTEM (BASED UPON RESIDUAL RISK & RISK TOLERANCE)
STEP 5:
STEP 6:
SELECT BASELINE CONTROLS
IDENTIFY & SELECT BEST-FITTING CLOUD ARCHITECTURE
SELECT CLOUD PROVIDER
NEGOTIATE SLA, METRICS, SIGN CONTRACT
ASSESS SECURITY CONTROLS MANAGED BY CONSUMER
ONGOING MONITORING OF PROVIDER’S OPERATIONS
RE-AUTHORIZE PROVIDER
RMF4CE: Additional Tasks for a Cloud Consumer
Objectives of Cloud Security Architecture Tool (CSAT)
Innovate-Simplify-Automate
To demonstrate how the NIST Cybersecurity Framework can be aligned with the RMF and implemented using established NIST risk management processes.
To support the use of the NIST Special Publication 800-53 security control catalog, NIST and FedRAMP baselines.
To provide guidance for enhancing systems’ security through an organization-generated control selection approach that complements, when deemed necessary, the baseline control selection approach.
To facilitate a more effective, efficient, and cost-effective methodology of architecting, implementing and assessing cloud-based information systems.
To promote the development of trustworthy secure cloud-based systems that support automation and near real-time monitoring.
RMF4CE Cloud Ecosystem
Consumer’s Global View
ONGOING MONITORING OF CONSUMER’S CONTROLS
IMPACT ANALYSIS
SYSTEM CATEGORIZATION
STEP 1:
IDENTIFY & SELECT CAPABILITIES
TAILOR & SUPPLEMENT CONTROLS
STEP 2:
DEVELOP SECURITY PLAN
ASSESS SECURITY CONTROLS MANAGED BY PROVIDER
STEP 3:
IMPLEMENT SECURITY CONTROLS UNDER CONSUMER’S MANAGEMENT
STEP 4:
AUTHORIZE CLOUD-BASED INFORMATION SYSTEM (BASED UPON RESIDUAL RISK & RISK TOLERANCE)
STEP 5:
STEP 6:
SELECT BASELINE CONTROLS
IDENTIFY & SELECT BEST-FITTING CLOUD ARCHITECTURE
SELECT CLOUD PROVIDER
NEGOTIATE SLA, METRICS, SIGN CONTRACT
ASSESS SECURITY CONTROLS MANAGED BY CONSUMER
ONGOING MONITORING OF PROVIDER’S OPERATIONS
RE-AUTHORIZE PROVIDER
TASKS SUPPORTED BY CLOUD SECURITY ARCHITECTURE TOOL (CSAT)
CSF QUESTIONNAIRE
RMF4CE Cloud Ecosystem
Consumer’s Global View
ONGOING MONITORING OF CONSUMER’S CONTROLS
IMPACT ANALYSIS
SYSTEM CATEGORIZATION
STEP 1:
IDENTIFY & SELECT CAPABILITIES
TAILOR & SUPPLEMENT CONTROLS
STEP 2:
DEVELOP SECURITY PLAN
ASSESS SECURITY CONTROLS MANAGED BY PROVIDER
STEP 3:
IMPLEMENT SECURITY CONTROLS UNDER CONSUMER’S MANAGEMENT AND GENERATE SYSTEM SEC PLAN (SSP)
STEP 4:
AUTHORIZE CLOUD-BASED INFORMATION SYSTEM (BASED UPON RESIDUAL RISK & RISK TOLERANCE)
STEP 5:
STEP 6:
SELECT BASELINE CONTROLS
IDENTIFY & SELECT BEST-FITTING CLOUD ARCHITECTURE
SELECT CLOUD PROVIDER
NEGOTIATE SLA, METRICS, SIGN CONTRACT
ASSESS SECURITY CONTROLS MANAGED BY CONSUMER
ONGOING MONITORING OF PROVIDER’S OPERATIONS
RE-AUTHORIZE PROVIDER
TASKS SUPPORTED BY OPEN SECURITY CONTROLS ASSESSMENT LANGUAGE (OSCAL)
CSF QUESTIONNAIRE
NIST CC Security Reference Architecture – the Approach
NIST Reference Architecture + CSA’s TCI Reference Architecture
Mapping components to architecture
NIST Security Reference Architecture – formal model
NIST Security Reference Architecture – security components
SP 500-292: NIST Cloud Computing Reference Architecture
SP 800-200/500-299: NIST CLOUD SECURITY REFERENCE ARCHITECTURE
https://cloudsecurityalliance.org/wp-content/uploads/2011/10/TCI-Reference-Architecture-v1.1.pdf
Cloud Security Alliance’s TCI Reference Architecture
SP 800-200/500-299: NIST CLOUD SECURITY REFERENCE ARCHITECTURE - FUNCTIONAL CAPABILITIES -
NIST SP 800-174: SECURITY AND PRIVACY CONTROLS FOR CLOUD-BASED FEDERAL INFORMATION SYSTEMS
Overview of the NIST Cybersecurity Framework
Functions Categories Subcategories Informative Reference
IDENTIFY
PROTECT
DETECT
RESPOND
RECOVER
CAN BE MAPPED TO DIFFERENT STANDARDS
CSF FUNCTIONS & CATEGORIES
CSAT’s Questionnaire
IDENTIFY FUNCTIONAL CAPABILITIES & CLOUD ACTORS’ RESPONSIBILITIES
SELECT SECURITY CONTROLS (NIST & FEDRAMP BASELINES)
CSAT Approach
CSAT supports SSP generation by providing, for each instance of an SP 800-53 security control, traceable information about WHERE (for what purpose) the control is needed. (Implementation details are necessary.)
CSAT supports 2 different views of the SSP:
FISMA compliance view (focused on baselines)
Hierarchical view for enhanced security assessment (focused on components and capabilities)
Ready for use with the Open Security Controls Assessment Language (OSCAL)
OSCAL supports automation – will be introduced later!
SELECT SECURITY CONTROLS (NIST & FEDRAMP BASELINES)
CSAT - Next Step-
CLOUD SECURITY ARCHITECTURE TOOL (CSAT)
Suggested functional capabilities and security controls based on the answers to the Questionnaire
CLOUD SECURITY ARCHITECTURE TOOL (CSAT)
DEMO
CLOUD SECURITY ARCHITECTURE TOOL (CSAT)
Cloud Security Architecture Tool on GitHub
https://github.com/usnistgov/CloudSecurityArchitectureTool/tree/master/Documents
CSAT can leverage Open Security Controls Assessment Language (OSCAL) to
assist with System Security Plans’ (SSP) generation & to support assessments’
automation and continuous monitoring
What is OSCAL?
A new “Standard of Standards” that normalizes how system security controls and corresponding assessment information are represented;
Standardized: OSCAL provides an open, standardized way of representing security control, control implementation, and assessment information that can be used by both humans and machines
Interoperable: OSCAL is well-defined allowing development of OSCAL-enabled tools that are interoperable and use information consistently
Easy to use: OSCAL machine-readable content can be converted to human-readable formats, and developed OSCAL-enabled tools are available for organizations to build, customize, and use OSCAL information
Improves the efficiency, accuracy, and consistency of system security assessments.
OPEN SECURITY CONTROLS ASSESSMENT LANGUAGE (OSCAL)
Catalog/Framework Schema
Profile Schema
Metrics Schema
Implementation Schema
Mechanism Schema
Assessment Schema
Assessment Results Schema
Implementation Schema
OSCAL Workflow
Human-Oriented: Control Documentation
Machine-Oriented: Catalog / Framework
Select appropriate catalog(s) of controls
• NIST 800-53
• COBIT 5
• ISO/IEC 27001/2
• etc.
Human-Oriented: Baseline Documentation
Machine-Oriented: Profile
Select an appropriate existing baseline
Tailor the selected baseline for implementation
Create a custom baseline
Human-Oriented: System Security Plan (SSP)
Machine-Oriented: Implementation
Align and implement baseline against OSCAL-enabled system components
Address gaps
Human-Oriented: Security Assessment Plan (SAP)
Machine-Oriented: Assessment
Identify and use questionnaires and automated tests to demonstrate compliance (e.g. OCIL, SCAP)
Human-Oriented: Security Assessment Results (SAR)
Machine-Oriented: Assessment Results
Produce automated Audit Results and POA&Ms based on test plan and assessed implementation
An Example OSCAL Information Flow
OSCAL Catalog: SP 800-53 rev4, SP 800-53a rev4
Control, Control, Subcontrol
Each with: Statements and Guidance; Parameters; Assessment objectives and methods
OSCAL Profile: SP 800-53 rev4 Moderate Baseline
Selected Control, Selected Subcontrol
OSCAL Profile: Custom Baseline
Selected Control, Selected Subcontrol, Selected Control
Control Modifications, Control Modifications, Subcontrol Modifications
OSCAL Assessment: Test Plan
Control Assessment, Subcontrol Assessment, Control Assessment
Each with: Tie to Assessment Objectives and Methods; Link to questionnaires and automated tests
Assessment Results
OSCAL Implementation: System Security Plan
Control Implementation, Subcontrol Impl., Control Implementation
Each with: Responsible Roles; Implementation status; Parameter values; Other details
• Provide requirements traceability from control definition through assessment
• Allows control, implementation, and assessment data to be provided by and linked to by different organizations
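The traceability chain on this slide (catalog control, profile selection, SSP implementation, assessment result) can be walked in a few lines. This is an added example, not code from the presentation or from the OSCAL project; the dictionaries are constructed sample data, and their field names, parameter and objective ids, and the function names are assumptions rather than the OSCAL schema.

```python
# Constructed sample data. Field names, parameter ids and objective ids are
# simplified assumptions for illustration, not the OSCAL schema.
CATALOG = {
    "ac-2": {"title": "Account Management", "params": ["ac-2_prm_1"],
             "objectives": ["ac-2.obj.a", "ac-2.obj.b"]},
    "au-2": {"title": "Audit Events", "params": [], "objectives": ["au-2.obj.a"]},
    "ia-2": {"title": "Identification and Authentication (Organizational Users)",
             "params": [], "objectives": ["ia-2.obj.a"]},
    "pe-3": {"title": "Physical Access Control", "params": [], "objectives": ["pe-3.obj.a"]},
    "sc-7": {"title": "Boundary Protection", "params": [], "objectives": ["sc-7.obj.a"]},
}
# Profile: selects a baseline from the catalog and tailors one parameter.
PROFILE = {"select": ["ac-2", "au-2", "ia-2", "sc-7"],
           "set_params": {"ac-2_prm_1": "every 90 days"}}
# Implementation (SSP): responsible roles, status and parameter values per control.
SSP = {
    "ac-2": {"roles": ["consumer"], "status": "implemented",
             "param_values": {"ac-2_prm_1": "every 90 days"}},
    "ia-2": {"roles": ["consumer", "provider"], "status": "implemented", "param_values": {}},
    "sc-7": {"roles": ["provider"], "status": "planned", "param_values": {}},
}
# Assessment results, keyed by the catalog's assessment objectives.
RESULTS = {"ac-2.obj.a": "pass", "ac-2.obj.b": "fail",
           "ia-2.obj.a": "pass", "sc-7.obj.a": "pass"}


def resolve_profile(catalog, profile):
    """Apply the profile to the catalog: selected controls plus tailored parameters."""
    unknown = [cid for cid in profile["select"] if cid not in catalog]
    if unknown:
        raise KeyError(f"profile selects controls missing from the catalog: {unknown}")
    return {cid: {**catalog[cid],
                  "required": {p: profile["set_params"].get(p) for p in catalog[cid]["params"]}}
            for cid in profile["select"]}


def trace(catalog, profile, ssp, results):
    """Follow each baseline control through SSP and assessment; return gaps per control."""
    report = {}
    for cid, ctl in resolve_profile(catalog, profile).items():
        gaps, impl = [], ssp.get(cid)
        if impl is None:
            gaps.append("no implementation in SSP")
        else:
            if impl["status"] != "implemented":
                gaps.append(f"status is {impl['status']}")
            if not impl["roles"]:
                gaps.append("no responsible role")
            for param, required in ctl["required"].items():
                value = impl["param_values"].get(param)
                if value is None or required not in (None, value):
                    gaps.append(f"parameter {param} unset or differs from the profile")
        for obj in ctl["objectives"]:
            outcome = results.get(obj, "not assessed")
            if outcome != "pass":
                gaps.append(f"{obj}: {outcome}")
        report[cid] = gaps
    return report


def poam_candidates(report):
    """Controls with at least one open gap, i.e. candidates for POA&M entries."""
    return sorted(cid for cid, gaps in report.items() if gaps)


if __name__ == "__main__":
    for cid, gaps in trace(CATALOG, PROFILE, SSP, RESULTS).items():
        print(cid, "OK" if not gaps else gaps)
```

Because every gap is reported against a control id that originates in the catalog, a failed objective or a missing SSP entry can be traced back to the exact requirement that introduced it.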
OSCAL IMPLEMENTATION & SSP DEVELOPMENT APPROACH
Parallel approach:
* From the top down
* From the bottom up
FedRAMP SSP
Ch 13: Controls
Ch 1-12
SSP in OSCAL
System Specification (=aggregation of Capabilities)
Capability Specification (=aggregation of Components)
Component Specification
Ch 1-12 (GSA team)
System Specification (=aggregation of Capabilities)
Capability Specification (=aggregation of Components)
Components Specification
Component Definition Provided by the owner or CSP
Examples of Component Diagrams
https://diagrams.fr.cloud.gov/
OSCAL Documentation: https://pages.nist.gov/OSCAL/
OSCAL EXAMPLES (EXPLAINED): HTTPS://PAGES.NIST.GOV/OSCAL/EXAMPLES/?XML#
Questions?
CLOUD SECURITY ARCHITECTURE TOOL ON GITHUB: https://github.com/usnistgov/CloudSecurityArchitectureTool
THANK YOU!
FOR MORE INFORMATION : [email protected].
OSCAL ON GITHUB: https://github.com/usnistgov/OSCAL
OSCAL-SPECIFIC INQUIRIES: [email protected]