An interview with Hisham Alhakimi about Security Compliance & FedRAMP

Feb 25, 2022

Key topics on Access Control Podcast: Episode 13 - Security Compliance & FedRAMP

  • When done right, security compliance is a business enabler and involves undergoing independent verifications of controls to achieve certifications or reports.
  • FedRAMP is a risk management program brought about to promote the adoption of cloud technologies across the federal government.
  • Many, but not all, of the FedRAMP requirements tie back to an underlying NIST standard publication.
  • FIPS validation is the process of actually taking an algorithm or a module all the way through a validation program using an independent lab.
  • The term "FIPS compliant" creates confusion and is not a recognized designation, even though it does carry some meaning.
  • As a concept, shared responsibility is not exclusive to AWS and applies to other cloud service providers because it's very fundamental to how the cloud works.

Expanding your knowledge on Access Control Podcast: Episode 13 - Security Compliance & FedRAMP