Category: FedRAMP

FedRAMP Low, Moderate, High: Understanding Security Baseline Levels

Written by
Published 09/24/2019

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that ensures that the proper level of information security is in place when U.S. government agencies access cloud products and cloud services.  FedRAMP standardizes the approach to security assessment, authorization, and continuous monitoring of cloud service providers (CSPs). FedRAMP grants authorizations to CSPs at three impact levels: low, medium, and high.  These levels refer to the intensity of a potential impact that may occur if an information system is jeopardized. Here’s a quick summary of each level, with detailed sections below: Low impact risk: Encompasses data intended for public use. Any loss of data wouldn’t compromise an agency’s mission, safety, finances, or reputation. Moderate impact risk: Mainly includes…

Checklist For FedRAMP Requirements

Written by
Published 11/08/2018

FedRAMP compliance requires detailed documentation for certification. With this checklist for FedRAMP requirements, review some important concerns before submitting your documentation.

Categorized in:

NIST and FedRAMP: A Brief Overview

Written by
Published 05/27/2016

Like the rest of the US Federal Government, the world of compliance contains many acronyms. Two of the most important regarding cybersecurity are NIST, an organization that publishes guidance on security and privacy controls, risk management, and other cyber-risk-related topics; and FedRAMP, which governs the security of cloud environments used by federal agencies and authorizes their use. NIST Background The National Institute of Standards and Technology (NIST), in partnership with the U.S. Department of Defense (DOD), produces, among other things, a series of documents known as Special Publications (SP).  The NIST SP 800 series deals with computer security policies, security requirements, and baseline controls. The most widely used is NIST 800-53, Security and Privacy Controls for Federal Information Systems and…

Tags: , ,
Categorized in: , ,