Tag Archive: FedRAMP

FedRAMP Low, Moderate, High: Understanding Security Baseline Levels

Published 09/24/2019

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program that ensures that the proper level of information security is in place when U.S. government agencies access cloud products and cloud services. FedRAMP standardizes the approach to security assessment, authorization, and continuous monitoring of cloud service providers (CSPs). FedRAMP grants authorizations to CSPs at three impact levels: low, moderate, and high. These levels refer to the intensity of a potential impact that may occur if an information system is jeopardized. Here’s a quick summary of each level, with detailed sections below:

Low impact risk: Encompasses data intended for public use. Any loss of data wouldn’t compromise an agency’s mission, safety, finances, or reputation.

Moderate impact risk: Mainly includes…

NIST and FedRAMP: A Brief Overview

Published 05/27/2016

Like the rest of the US Federal Government, the world of compliance contains many acronyms. Two of the most important regarding cybersecurity are NIST, an organization that publishes guidance on security and privacy controls, risk management, and other cyber-risk-related topics; and FedRAMP, which governs the security of cloud environments used by federal agencies and authorizes their use.

NIST Background

The National Institute of Standards and Technology (NIST), in partnership with the U.S. Department of Defense (DOD), produces, among other things, a series of documents known as Special Publications (SP). The NIST SP 800 series deals with computer security policies, security requirements, and baseline controls. The most widely used is NIST 800-53, Security and Privacy Controls for Federal Information Systems and…


August Standards Updates: FedRAMP Seeks Help, HIPAA Concerns, ISO “Landmark” and NIST Developments

Published 09/02/2015

FedRAMP Needs Feds to Help Refine High Impact Baseline

The standards set forth by the High Impact Baseline will allow commercial cloud service providers to host sensitive information in their systems. Considering the potential that this Baseline has to shape the FedRAMP program going forward, officials are working hard to ensure that they get the standard right. After receiving public comments on their draft of the High Impact Baseline, FedRAMP is looking for help from federal employees to revise the standards set forth. FedRAMP plans to create “The Tiger Team,” which will consist of federal IT managers who can facilitate and oversee the revision process and prepare a final draft of the Baseline, which is scheduled to be finished prior…


July Blog Round-Up: P2PE Version 2.0, FedRAMP Developments and The Tainted Legacy of Legacy Systems

Published 07/27/2015

Latest in PCI

PCI Update Paves Way For Expanding Point-to-Point Encryption (P2PE)

Key Takeaway: Starting this past month, the PCI Security Standards Council introduced P2PE Version 2.0, which is the latest step by the PCI towards expanding point-to-point encryption. By drafting more flexible P2PE implementation standards, the PCI aims to facilitate the adoption of this technology by merchants. P2PE enables merchants to encrypt cardholder data at the point of sale, which is vital for protection against hackers.

FedRAMP Wrap-Up

FedRAMP Releases Framework for Cloud Security Assessments

Key Takeaway: This past month, FedRAMP released the “FedRAMP Penetration Test Guidance.” This document lays out the rigorous testing that cloud service providers must go through before being approved for government use. A…


How FedRAMP Compliance Can Give You a Competitive Edge

Published 04/06/2015

This post was originally published on Cloud Computing Journal. When describing cloud computing, terms like highly scalable, efficient, and on-demand probably come to mind. Unfortunately, those same descriptors aren’t commonly associated with operations in the federal government. In 2010, the White House’s Office of Management and Budget set out to change that with the Cloud First Policy. Through cloud computing, the OMB aimed to help federal agencies consolidate and provide new services cheaper and faster. But with cloud adoption comes the heightened challenge of ensuring a secure and trustworthy environment. That’s where FedRAMP comes in. FedRAMP defines the requirements for cloud service providers’ security controls, including vulnerability scanning, incident monitoring, logging, and reporting. CSPs in use at federal agencies or…
