FedRAMP (the Federal Risk and Authorization Management Program) is a U.S. Government program that standardizes how the Federal Information Security Management Act (FISMA) applies to cloud computing services. Cloud computing offers many advantages over traditional computing. Through cloud computing, Federal Agencies are able to consolidate and provision new services faster while reducing information technology costs. Cloud computing also enables efficiencies in services to citizens and, when properly assessed and monitored, can offer stronger cyber security safeguards than traditional information technology (IT) methods.
FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud-based services. Using a "do once, use many times" framework, FedRAMP reduces the cost of FISMA compliance and enables Government entities to secure Government data and detect cyber security vulnerabilities faster than with per-agency assessments.
FedRAMP has two primary goals to improve the government's transition to cloud-based services:
Develop a standard, risk-based security framework to improve the conformity, security, and clarity of cloud security authorization documentation, mitigating agency data risk exposure.
Encourage the sharing of documentation, information, and testing across the government to improve efficiency and reduce assessment and authorization costs.
Independent assessors, i.e., Third Party Assessment Organizations (3PAOs), play a critical role in the FedRAMP security assessment process. An independent assessor verifies the cloud service provider's (CSP's) security control implementations and reports the risk posture of the cloud environment to support a security authorization decision. These assessment organizations must demonstrate independence from the CSP and the technical competence required to test security implementations and collect representative evidence. Independent assessors:
Plan and perform security assessments of CSP systems
Review security package artifacts in accordance with FedRAMP requirements
The Security Assessment Report (SAR) produced by the assessor is a key deliverable of the FedRAMP security assessment package; agencies rely on it when reviewing the package and making an authorization decision.
FedRAMP was developed as a collaboration between the National Institute of Standards and Technology (NIST), the General Services Administration (GSA), the Department of Defense (DOD), and the Department of Homeland Security (DHS).
FedRAMP's "do once, use many times" approach is designed to reduce the cost of compliance compared with requiring a new assessment each time an agency initiates a CSP acquisition.
FedRAMP is based on the Federal Information Security Management Act (FISMA) of 2002 and leverages the National Institute of Standards and Technology (NIST) baseline security controls and risk management framework. FedRAMP risk management encompasses four processes in the Security Assessment Framework (SAF):
1. Document
2. Assess
3. Authorize
4. Monitor
How can we help?
Don't go it alone through the FedRAMP process. It is important to communicate early and often with your 3PAO and with a firm that can prepare your organization for the nuances of FedRAMP. Begin with a pre-assessment.
As Fortidm is undergoing DOD facility secret clearance, we are better equipped to handle the nuances of the FedRAMP audit and to get your cloud service compliant with FedRAMP.
Please visit the official site for FedRAMP at https://www.fedramp.gov
103 Carnegie Center, Suite 300, Princeton, NJ 08540, USA
Privacy Policy | © 2017 Fortidm Technologies