
FedRAMP October 2015 PMO Newsletter

New Compliant CSPs!

The FedRAMP PMO is excited to announce two new FedRAMP Compliant cloud systems!

  Autonomic Resources LLC received a JAB Provisional Authorization on October 9, 2015. The ARCWRX Platform-as-a-Service (PaaS) offering, built on RedHat OpenShift, provides an application development platform within a multi-tenant virtual environment leveraging the ARC-P IaaS system.
  Datapipe received a JAB Provisional Authorization on October 9, 2015. The Datapipe Government Solutions Federal Community Cloud Platform (FCCP) provides a unique approach to security that allows federal agencies to have more control and flexibility to meet their unique security needs. This platform is one of the first P-ATOs issued to a PaaS cloud service provider covering management through the virtual operating system.

FedRAMP now has 22 JAB P-ATOs and 50 FedRAMP Compliant CSP systems! A complete list of all FedRAMP Compliant CSPs can be viewed here.

“There is no real cloud security model that’s been written in the U.S. outside of FedRAMP. Enterprises want a model they can snap into, and I think FedRAMP is as good a model as any.” ~ Teresa Carlson, Amazon Web Services’ Vice President of Worldwide Public Sector

Commonly Missed Documents

Submitting a complete authorization package helps to speed up processing and shortens the time it takes to initiate a package review. However, the PMO has noticed a trend of Cloud Service Providers (CSPs) neglecting to include all of the fifteen required documents for an Initial Review. A list of the required documents can be found in the Initial Review Standard Operating Procedure.

The PMO has put together a list of the top five commonly missed required documents to help CSPs put together a complete Authorization Package the first time around.

Read the whole story.

Lessons Learned: Initial Review

Over the past few months, the FedRAMP PMO has conducted nearly 20 Initial Reviews of CSP packages. These reviews evaluated twenty-one Critical Controls for readability, relevance, sufficiency, and consistency. FedRAMP’s definition of each criterion is as follows:

Readable: Can we understand what was written?

Relevant: Did the statement actually address the control requirement?

Sufficient: Is there enough detail to fully address all portions of the requirement and meet any security-related needs?

  • Tip: This is usually the “how” of a control statement.

Consistent: Do the implementation statements and the control template checkboxes match?

  • Tip: Is “Implemented” checked when the response describes the solution as being in place?

Read the whole story.

New Team Member!

Ashley Mahan

We’re incredibly excited to announce another team member joining FedRAMP, Ashley Mahan! Ashley has served as a trusted Cyber Security Advisor for the Federal Government for the past decade and her joining the FedRAMP Team will help lead the effort to integrate FedRAMP and Cloud Computing into Agency IT Portfolios.

Find out more about Ashley!

Now Available: Review and Approve Training Module

FedRAMP’s “Review and Approve (R&A) Process” training module is now available on Blackboard. This training is designed to help FedRAMP Cloud Service Provider (CSP) and agency applicants understand the process to achieve FedRAMP compliance.

Students will learn:

  • The roles and responsibilities of CSPs, FedRAMP PMO, and Authorizing Officials

  • The designations given to authorization packages throughout the R&A process

Read the whole story.

FedRAMP in the News:

Upcoming Events
