[September] Chapter Meeting – FedRamp, 4 Years Later-Approving Commercial Cloud Offerings – Matt Goodrich, FedRAMP Director & Michael Carter, Lead

Presented by Mr. Matt Goodrich, Director of FedRAMP, and Michael Carter, Veris Group Service Lead

Thursday, September 15, 2016

5:30 PM – Networking and Dinner

6:30 – 8:00 PM – ISSA NOVA Announcements & Program

FedRAMP has been operational for over 4 years now. Changes have been made along the way to clarify and streamline the process of approving commercial cloud offerings. The process now is greatly different from 2012. What’s changed? What’s on the horizon? Matt Goodrich (FedRAMP Director) and Michael Carter (Veris Group 3PAO Service Lead) will break down these questions and provide a Q&A for anything related to the program.

Matt’s BIO:  Matt Goodrich is the Director for the Federal Risk and Authorization Management Program (FedRAMP) in GSA’s Office of Citizen Services and Innovative Technologies.

2016-MattGoodrich-PMO-FedRAMPMatt has worked on FedRAMP as part of the Federal Cloud Computing Initiative since August of 2009. In this role, he manages the FedRAMP Program Management Office and sets the overall direction of the program. As a mandatory Federal-wide initiative, FedRAMP is one of the leading cloud computing security programs paving the way for cloud adoption and ensuring the security of cloud computing solutions used by the US Government.

Matt has focused his career on removing the barriers to cloud adoption across the Federal government. He was part of the team that created the first government-wide cloud procurement vehicles through Apps.gov as well as the IaaS and cloud email BPAs at GSA. He authored two of the integral documents in the Administration’s push for cloud adoption. First, during his tenure at OMB, he was the key author of Security Authorization of Information Systems in Cloud Computing Environments which created the FedRAMP program. Second, he cowrote Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service which provides guidance to agencies in how to procure cloud services and was published through the CIO and CAO Councils.

Matt has been recognized for his efforts by receiving a Federal Computer Weekly Fed100 award in 2013, a GSA Administrator’s Award in 2014, and a FierceGovernmentIT Fierce15 Award in 2015. He began his career in the Federal government as a Presidential Management Fellow (PMF) in 2009. Matt has a BBA in Computer Information Systems from the University of Miami (FL) and a Juris Doctor from the University of Denver.

Michael’s BIO:  Michael Carter is the 3PAO (third-party assessment organization) Service Lead for the Veris Group, which supports FedRAMP.

2016-SEP-MichaelCarter-VerisGrp-forFedRAMPAs “cloud first” evolved from a federal aspiration to an actual practice, 2015 saw a surge of cloud service providers seeking authorization under the Federal Risk and Authorization Management Program (FedRAMP). Each one required a 3PAO in order to achieve compliance. For those cloud providers who have successfully navigated the FedRAMP program, Michael’s team has been involved in at least half of all FedRAMP-approved cloud offerings from either an advisory or an assessment perspective to date. He currently serves as the VP of Veris Group’s Governance, Risk, and Compliance practice where he is responsible for managing a team of security assessors, consultants, and engineers responsible for ensuring commercial cloud offerings are properly deployed, documented, and secured for Government use.

A former government IT specialist himself, Michael has worked on FedRAMP since the program’s beginning, including serving as the Project Manager for the very first FedRAMP-approved Joint Authorization Board (JAB) Provisional Authorization (p-ATO) back in 2012. He collaborates closely with the FedRAMP PMO and DISA on possible process improvements and has established himself as a key resource for the government’s cloud security community. In April 2016, he received the Federal Computer Weekly Fed100 award for his support of the FedRAMP program.

Location: MITRE 1 Auditorium

7525 Colshire Drive McLean, VA 22102

Registration: Register for meeting

For registration problems or further information contact Saravanan Ramachari at: vp_programs@issa-nova.org  ISSA–NOVA Senior Officers:  Steve Battista, Randy Sabett

ISSA–NOVA VPs: Karen Frederick, Rhonda Farrell, Cathy Hogendobler, Alfred Ouyang, Saravanan Ramachari, Rick Smith, Ana Valentin, John von Ruden
ISSA–NOVA Directors: Houda Abdelghani, Constantinos Doskas, David Jackson, Girish Mukhi, Lauren Rousseau, Raymond Stamps
Strategic Partnerships: Rhonda Farrell
Emeritus, Former President: Alex Grohmann

Sponsored By: The ISSA Northern Virginia (ISSA-NOVA) Chapter of ISSA International

Marketing Sponsors: American Society for Quality (ASQ) Section 509, IEEE Computer Society – Washington, DC & Northern Virginia Chapters, IEEE Women In Engineering (WIE) – NoVA, ISSA Intl Women In Security Special Interest Group (WIS SIG)

IEEEMetro Section     WIS SIG Logo