• • What is FedRAMP?
  • Why is FedRAMP Needed?
  • FedRAMP Goals
  •  Benefits of FedRAMP
  • Organizations involved in FedRAMP
  • Key Process of FedRAMP
  • Governance
  • Governing Body
  • Compliance
  • JAB Authorization Process
  • Agency Authorization Process
  • FedRAMP Authorization Act

CHAPTER 2: FedRAMP Requirements

• • Is FedRAMP mandatory?
  • How FedRAMP is different from FISMA
  • Cloud Computing More Secure for the Federal Govt
  • FedRAMP Relationship to the Risk Management Framework (RMF)
  • ATO vs. a Provisional ATO
  • ATO vs. P-ATO FedRAMP Authorization
  • FedRAMP Security Risk-based Model
  • FedRAMP Joint Authorization Board
  • National Institute of Standards and Technology
  • FedRAMP Security Risk-based Model
  • Department of Homeland Security (DHS)
  • FedRAMP Program Management Office
  • Federal CIO Council
  • Federal Agencies
  • Third Party Assessment Organizations (3PAO)
  • Cloud Service Providers (CSP)
  • FedRAMP Requirements

CHAPTER 3: Infrastructure as a Service

• • What is IaaS?
  • IaaS Delivery
  • IaaS Advantages
  • IaaS Disadvantages
  • IaaS Characteristics
  • When to use IaaS
  • IaaS Limitations and Concerns
  • Examples of IaaS

CHAPTER 4: Platform as a Service

• • What is Platform as a Service
  • Characteristics of PaaS
  • Cloud Provider vs. Cloud Consumer
  • PaaS Description
  • PaaS Delivery
  • Advantages of PaaS
  • Disadvantages of PaaS
  • When to use PaaS
  • Choosing PaaS as a Business Solution
  • Examples of PaaS

CHAPTER 5: Software as a Service

• • What is a SaaS?
  • Key Differences between SaaS and other models
  • Common Examples of SaaS
  • SaaS Delivery
  • SaaS Advantages
  • Disadvantages of SaaS
  • SaaS Characteristics
  • When to use SaaS
  • SaaS Limitations and Concerns

CHAPTER 6: Cloud Cybersecurity Service

• • Why Cybersecurity
  • CIA Triad
  • NIST Cloud Computing SP800-145
  • Cloud Security Alliance
  • NIST Cloud Working Group
  • Fast Identity Online (FIDO) Alliance
  • Cloud Benefits
  • Cloud Models
  • Components of Cloud:
  • Security Application
  • Intrusion Detection Systems (IDS)
  • Intrusion Prevention Systems (IPS)
  • Next Gen Firewalls
  • Unified Threat Monitoring (UTM)
  • Basic Risk Concepts
  • Penetration Testing in the Cloud
  • Amazon Web Services Security
  • Azure Security
  • Google Cloud Platform Security
  • Mobile App Security
  • Cloud and Biometrics

CHAPTER 7: Application Security

• • Training and Awareness
  • Cloud-Secure Software Development Lifecycle (SDLC)
  • ISO/IEC 27034-1 Standards for Secure Application
  • Identity and Access Management (IAM)
  • Cloud Application Architecture
  • Cloud Application Assurance and Validation

CHAPTER 8: FedRAMP Best Practice

• • FedRAMP process/flowchart
  • Preparation/Authorization/Continuous Monitoring
  • Selecting a FedRAMP 3PAO
  • How to Become a 3PAO/Guidelines
  • Security Testing
  • Guidelines for CSPs
  • After Acceptance into the FedRAMP program
  • FIPS 199 Template
  • E-Authentication Template
  • Privacy Threshold Analysis and Privacy Impact assessment (PTA and PIA)

CHAPTER 9: FedRAMP Security Assessment Plan

• • What is a Security Assessment Plan?
  • Laws, Regulations, Standards, Guidance
  • Applicable Standards to FedRAMP
  • FedRAMP Risk Management Framework
  • FedRAMP Concepts replaced by SAF
  • Authorities for SAF
  • 3PAO Accreditation Standards
  • 3PAO Obligations
  • Penetration Testing Plan and Methodology

CHAPTER 10: FedRAMP Continuous Monitoring Strategy

• • Purpose of ConMon
  • NIST RMF
  • What is Continuous Monitoring
  • ConMon Roles and Responsibilities
  • Additional Tips

CHAPTER 11: Penetration testing

• • Who is this for?
  • Scope of Pentest
  • Definitions
  • Rules of Engagement
  • Threat Models
  • FedRAMP Security Risk-based Model
  • Attack Vectors
  • Scoping the Pentest
  • Penetration Test Methodology and Requirements
  • Elements of a Penetration Test
  • Simulated Internal Attack/Discovery
  • Exploitation: Social Engineering, Web App/API

CHAPTER 12: FedRAMP SSP Writing Control

• • FedRAMP Documentation
  • Objectives of SSP
  • SSP Document Attachments
  • Necessary Organization and System Attributes
  • Successful Mindset for SSP Development
  • SSP Organization and Scope
  • Tips for Writing the SSP
  • Control Example: Account Management (AC-2)
  • Control Definition
  • Control Writing Tips
  • Instructions for Submitting a Security Package

CHAPTER 13: Kali Linux and Virtualization

• • What is Linux?
  • Windows V/s Linux OS
  • Components of Linux OS
  • What is a Linux Distro?
  • What is Kali Linux?
  • Features of Kali Linux
  • What is the difference with Kali Linux?
  • Downloading Kali Linux
  • Verifying Integrity and Authenticity
  • Making a Kali Bootable USB Drive
  • Kali Linux Live USB Install Procedure on Windows
  • Creating a Bootable Kali USB Drive on Linux
  • Booting Kali Live on Hard drive
  • Installing Kali Linux on VirtualBox

CHAPTER 14: Git and GitHub

• • What is GitHub?
  • What is Git
  • How to make a git directory
  • GitHub Repo

CHAPTER 15: Data Security and Cloud

• • Cloud Data Lifecycle
  • Cloud Storage Architectures
  • Cloud Data Security Foundational Strategies

CHAPTER 16: Software Development Life Cycle (SDLC)

• • SDLC
  • Software Development Security
  • Object Oriented Programming
  • Databases: Vulnerabilities, Threats, and Protections
  • Data Warehousing
  • Malicious Code

CHAPTER 17: Cloud Forensics