Tag Archive: FedRAMP

FedRAMP Low, Moderate, High: Understanding Security Baseline Levels

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that ensures the proper level of information security is in place when U.S. government agencies access cloud products and cloud services. FedRAMP standardizes the approach to security assessment, authorization, and continuous monitoring of cloud service providers (CSPs). FedRAMP grants authorizations to CSPs at three impact levels: low, moderate, and high. These levels refer to the severity of the potential impact that may occur if an information system is jeopardized. Here’s a quick summary of each level, with detailed sections below: Low impact risk: Encompasses data intended for public use. Any loss of data wouldn’t compromise an agency’s mission, safety, finances, or reputation. Moderate impact risk: Mainly includes…

NIST and FedRAMP: A Brief Overview

If you’re new to the world of compliance in the US Federal Government, there can be some tricky terms to navigate. Here’s a quick primer on the similarities and differences between NIST and FedRAMP. NIST Background: The National Institute of Standards and Technology (NIST) produces, among other things, a series of documents known as Special Publications (SP). The NIST SP 800 series deals with computer security, and NIST 800-53 revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, details the information security and privacy controls which must be in place for information systems in the US Federal government. There are other 800-series documents which cover elements of information security including risk management (SP…

August Standards Updates: FedRAMP Seeks Help, HIPAA Concerns, ISO “Landmark” and NIST Developments

FedRAMP Needs Feds to Help Refine High Impact Baseline: The standards set forth by the High Impact Baseline will allow commercial cloud service providers to host sensitive information in their systems. Considering the potential that this Baseline has to shape the FedRAMP program going forward, officials are working hard to ensure that they get the standard right. After receiving public comments on their draft of the High Impact Baseline, FedRAMP is looking for help from federal employees to revise the standards set forth. FedRAMP plans to create “The Tiger Team,” which will consist of federal IT managers who can facilitate and oversee the revision process and prepare a final draft of the Baseline, which is scheduled to be finished prior…

July Blog Round-Up: P2PE Version 2.0, FedRAMP Developments and The Tainted Legacy of Legacy Systems

Latest in PCI: PCI Update Paves Way For Expanding Point-to-Point Encryption (P2PE). Key Takeaway: Starting this past month, the PCI Security Standards Council introduced P2PE Version 2.0, which is the latest step by the PCI towards expanding point-to-point encryption. By drafting more flexible P2PE implementation standards, the PCI aims to facilitate the adoption of this technology by merchants. P2PE enables merchants to encrypt cardholder data at the point of sale, which is vital for protection against hackers. FedRAMP Wrap-Up: FedRAMP Releases Framework for Cloud Security Assessments. Key Takeaway: This past month, FedRAMP released the “FedRAMP Penetration Test Guidance.” This document lays out the rigorous testing that cloud service providers must go through before being approved for government use. A…

How FedRAMP Compliance Can Give You a Competitive Edge

This post was originally published on Cloud Computing Journal. When describing cloud computing, terms like highly scalable, efficient, and on-demand probably come to mind. Unfortunately, those same descriptors aren’t commonly associated with operations in the federal government. In 2010, the White House’s Office of Management and Budget set out to change that with the Cloud First Policy. Through cloud computing, the OMB aimed to help federal agencies consolidate and provide new services cheaper and faster. But with cloud adoption comes the heightened challenge of ensuring a secure and trustworthy environment. That’s where FedRAMP comes in. FedRAMP defines the requirements for cloud service providers’ security controls, including vulnerability scanning, incident monitoring, logging, and reporting. CSPs in use at federal agencies or…
