Does FedRAMP/NIST 800-53 Moderate require that the SDL/SIL be locked down tight like the cloud VMs and architecture would be? Or would it be better to keep the development servers located in the cloud?
For context, our current development servers are located in AWS Gov Cloud. Our developers want to bring the development servers into their lab instead of on the cloud. Would this require us to bring the lab up to compliance with 800-53. We are currently at 800-171 compliance and expect that 800-53 would be a lot more of a lift to get to.
[link] [comments]