Security vs. Compliance, Security Over Compliance, or Security and Compliance? (U31a)
As a provider of cryptographic modules and cloud services, Oracle must use FIPS 140 validated modules in cloud systems to meet certain procurement requirements and pass FedRAMP audits. Oracle also prioritizes providing secure cryptographic modules to customers by addressing vulnerabilities. While programs are in place to support this work, achieving both FIPS compliance and security simultaneously is always a challenge.
This talk will explore what Oracle has learned over the years to ensure both FIPS and FedRAMP requirements are met. The speaker will also review new FedRAMP guidance, effective January 2025, and show how it aligns with Oracle’s approach.