|Date Posted||January 11, 2019|
Serves as an Information Assurance and Cloud computing SME with regards to Certification and Accreditation (C&A) and a broad coverage of the application of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) standards and guidance as outlined in the NIST Special Publication(s) (SP) 800-53 and 800-37 (Current versions).
The CCS shall maintain current certification as a Certified Cloud Security Professional and Certified Information Systems Security Professional (CISSP).
Possesses the ability to work independently with substantial cloud computing security knowledge.
The assessor must have the essential skillsets to identify, manage and resolve cloud computing security risk and implement “best practices” as applied within a cloud environment (across all of the different deployment and service models, and derivatives).
The CCS must be well versed in FedRAMP assessment methodology of security and privacy controls deployed in cloud information systems to include six (6) domain areas.
The six domains include:
• Architectural Concepts & Design Requirements
• Cloud Data Security
• Cloud Platform & Infrastructure Security
• Cloud Application Security
• Legal & Compliance