Skip to main content

Focus on FedRAMP

Best Practices for Multi-Agency Continuous Monitoring

Both Cloud Service Providers (CSPs) and Federal Agencies play a role in Continuous Monitoring. FedRAMP Authorized CSPs are required to perform Continuous Monitoring to maintain a sufficient security posture. Federal Agencies are obligated to review a CSP’s Continuous Monitoring artifacts to determine if an Authority-to-Operate (ATO) is appropriate over the life of the system. Completing Continuous Monitoring and managing multiple...

Read More

FedRAMP Tailored Lessons Learned

FedRAMP introduced the Tailored baseline for Low-Impact Software-as-a-Service (Li-SaaS) in 2017 to meet our stakeholders’ need for an expedited path for cloud authorization. FedRAMP’s fourth baseline - Tailored - empowers Agencies to partner with Cloud Service Providers (CSPs) and rationalize security requirements for low risk use cases of SaaS, transforming how the government authorizes cloud services. Tailored empowers Agencies to...

Read More

Guidance on FedRAMP's Applicability to State and Local Entities

In December 2011, the federal government established FedRAMP to provide a cost-effective and risk-based approach to cloud adoption for executive departments and agencies. This included the development of a risk management framework based on FISMA requirements and NIST 800-53 by which cloud service offerings can be assessed and authorized by federal agencies. Given that FedRAMP is a rigorous cloud security...

Read More

FedRAMP Connect Business Cases Due April 12th

Reminder to all Cloud Service Providers (CSPs) that the next due date for Business Case submissions for prioritization by the Joint Authorization Board (JAB) with our FedRAMP Connect process is Friday, April 12th! You can find all of the details, requirements, and tips for success in our JAB Prioritization Criteria and Guidance document. A successful submission should include at least...

Read More

FedRAMP Hosts Another Successful Agency ISSO Training Day

On March 25th, FedRAMP hosted its fourth Agency Information System Security Officer (ISSO) training. This training was a huge success, drawing over 90 Information Security Professionals from over 30 Federal Agencies. Thank you to everyone who took time out of their day to join us. The training provided a collaborative space for ISSOs to review, understand, and discuss best practices...

Read More

Page 3 of 25