Skip to main content

August 2015 FedRAMP Newsletter

New Compliant CSPs!

The FedRAMP PMO is excited to announce two new FedRAMP Compliant cloud systems!

  IBM received a JAB Provisional Authorization on August 5, 2015.IBM’s FedRAMP JAB-authorized MaaS360 Enterprise Mobility Enterprise Management is a comprehensive, cloud-based security and management platform for devices, applications, and content. Government agencies use MaaS360 to protect data and optimize productivity, enabling employees to work anytime and anywhere through trusted mobile interactions.
 Oracle logo Oracle received an Agency Authorization through the Department of Defense (DoD) on August 14, 2015.This strictly DoD Service Cloud deployed onto a robust, secure infrastructure hosting Oracle’s patented CX software applications in an environment accredited to FedRAMP-Moderate specifications. The Oracle Service Cloud is offered as a hosted cloud solution (i.e., operated and maintained by Oracle within its secure hosting environment at co-location facilities in the United States) providing.customers with a modern, efficient and secure cloud solution via a proven Software as a Service (SaaS) delivery model.

FedRamp now has 45 compliant CSP systems! A complete list of all FedRAMP compliant CSPs can be viewed here.

The Review & Approve Process

review_approve_page

To better address the growing number of Cloud Service Provider (CSP) applicants, the FedRAMP PMO has revamped its process for reviewing and approving Authorization Packages. This new Review and Approve (R&A) Process is designed to be more efficient, structured, and scalable with an emphasis on training and improving the quality of submitted Authorization Package documentation through greater transparency of FedRAMP processes and evaluation criteria. Read the full story.

Reminder: High Baseline Tiger Team

The Federal Risk and Authorization Management Program (FedRAMP) is looking for Government  (USG) and Federal Government contractors to join the High Baseline Tiger Team. This team will adjudicate the public commentary received for the draft High Baseline in January 2015.

FedRAMP is specifically looking for participants that currently are system owners or security staff that work on high baseline systems. The time commitment for the Tiger Team is one week of all-day, in-person meetings at GSA’s headquarters in downtown Washington DC. This is not an insignificant time commitment, but the input provided into this process will dramatically shape the FedRAMP program. It will also ensure high system owners across the USG will have input into this baseline, which will allow cloud service providers (CSPs) to be authorized for use at the FISMA high (H-H-H) impact level. Read the full story.

FedRAMP Introductory Training Re-Release

FedRAMP’s introductory training course will be available on Monday, August 31. Titled “Introduction to FedRAMP 100-A,” the course was originally released in March 2015 as part of the FedRAMP Forward initiative. It has been revamped to provide an accurate depiction of how the program functions and a starting point for those who are interested in FedRAMP. The course gives a general overview of the program’s governance, stakeholders, the three types of Authorization paths, and the relationship between FedRAMP and the National Institute of Standards and Technology (NIST) Risk Management Framework.

Even though the introductory course is not mandatory, the FedRAMP PMO recommends that all Cloud Service Providers (CSPs) take this course before submitting an application or writing a System Security Plan (SSP). All FedRAMP training courses are available on-demand and online through Blackboard.

FedRAMP in the News:

Page of