Tag Archive: Federal Information Security Management Act

FedRAMP Low, Moderate, High: Understanding Security Baseline Levels

Written by
Published 09/24/2019

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that ensures that the proper level of information security is in place when U.S. government agencies access cloud products and cloud services.  FedRAMP standardizes the approach to security assessment, authorization, and continuous monitoring of cloud service providers (CSPs). FedRAMP grants authorizations to CSPs at three impact levels: low, medium, and high.  These levels refer to the intensity of a potential impact that may occur if an information system is jeopardized. Here’s a quick summary of each level, with detailed sections below: Low impact risk: Encompasses data intended for public use. Any loss of data wouldn’t compromise an agency’s mission, safety, finances, or reputation. Moderate impact risk: Mainly includes…