Category: FedRAMP

FedRAMP Low, Moderate, High: Understanding Security Baseline Levels

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that ensures that the proper level of information security is in place when U.S. government agencies access cloud products and cloud services. FedRAMP standardizes the approach to security assessment, authorization, and continuous monitoring of cloud service providers (CSPs). FedRAMP grants authorizations to CSPs at three impact levels: low, medium, and high. These levels refer to the intensity of a potential impact that may occur if an information system is jeopardized. Here’s a quick summary of each level, with detailed sections below:

Low impact risk: Encompasses data intended for public use. Any loss of data wouldn’t compromise an agency’s mission, safety, finances, or reputation.

Moderate impact risk: Mainly includes…

Checklist For FedRAMP Requirements

FedRAMP compliance requires detailed documentation for certification. With this checklist for FedRAMP requirements, review some important concerns before submitting your documentation.

NIST and FedRAMP: A Brief Overview

If you’re new to the world of compliance in the US Federal Government, there can be some tricky terms to navigate. Here’s a quick primer on the similarities and differences between NIST and FedRAMP.

NIST Background

The National Institute of Standards and Technology (NIST) produces, among other things, a series of documents known as Special Publications (SP). The NIST SP 800 series deals with computer security, and NIST 800-53 revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, details information security/privacy controls which must be in place for information systems in the US Federal government. There are other 800-series documents which cover elements of information security including risk management (SP…
