«

»

Feb
04

FedRAMP – The Gateway Into Secure Cloud Computing

FedRAMP 3PAO Accredited logo

FedRAMP (The Federal Risk and Authorization Management Program) is a government-wide program that aims to offer agencies a standard approach to IT security, authorization, and ongoing monitoring for cloud products and services.

It’s the federal government’s gateway into secure cloud computing. Since the administration implemented the “Cloud First” policy, some agencies have found it tough to move critical IT systems due to security and high costs.

FedRAMP helps these agencies by providing 3 things:

  1. Rigorous security authorizations
  2. Improved real-time security through continuous monitoring
  3. Increased quality of the Federal security authorization process

Additionally, FedRAMP reuses existing processes and saves cost, time, and resources with a “do once, use many times” approach. It’s a much more efficient and more secure method for agencies to adopt cloud solutions, and is the centerpiece of a more transparent security assessment methodology across the federal government.

History

FedRAMP launched in June 2012 and is currently in its initial phases. We aim to provide these Cloud Service Providers (CSP) with the official “Ability to Operate” – which demonstrates to agencies that a CSP meets the FedRAMP requirements and is approved for federal government use.

Authorizations and 3PAO Accreditation

Provisional authorizations of cloud providers result in a common security risk model that all federal agencies can use, ensuring a consistent standard for these cloud-based technologies. In order to obtain a provisional authorization, the CSPs must meet the FedRAMP requirements through testing and documentation. In order to achieve this, CSPs usually hire “Third Party Assessment Organizations” to review their compliance documents for compliance and to ensure independence and fairness.

Since we’ve launched, FedRAMP has focused on preparing and walking CSPs through the entire process. The program hosted a webinar series to help clarify CSP roles and responsibilities during the process. In addition, FedRAMP is hosting documentation training sessions for CSPs which will answer any questions regarding FedRAMP templates and documents.

To date, more than 80 CSPs have applied to FedRAMP. In December, FedRAMP granted its first provisional authorization and there are plans to issue more in the upcoming months.

For more info and the latest news, please visit us at FedRAMP.gov. If you have any questions, please don’t hesitate to email us at info@fedramp.gov.

Share and Enjoy:
  • Twitter
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Blogplay

1 comment

  1. Kaunda says:

    FedRAMP is a great initiative especially in the face of rampant well crafted hacking of government sites by anonymous and friends. especially in the could, i dont think security companies have really assessed the security threats of the could and plugged in the holes

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>