An overview of the risks and mitigations encountered in planning the outsourcing of the United States Mint’s $700 Million a year numismatic ecommerce site. The presentation focuses on how to assess your cloud vendor and specific information and access to request to make sure your data is secure. Many of the mitigations discussed in the paper are not addressed in other articles. As an example one of the terms of the contract was the creation of a real time portal to provide firewall, application and database logs to meet FISMA continuous monitoring requirements. Also negotiated was both internal and external penetration testing of the hosts systems.
