FedRAMP PMO Newsletter, June 2016
High Baseline Release
The Federal Risk and Authorization Management Program (FedRAMP) is excited to release the FedRAMP High Baseline Requirements! The High Baseline is available on our documents page. These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments. This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin.
Why is this such a big deal? While 80% of Federal information is categorized at low and moderate impact levels, this only represents about 50% of Federal IT spend. Now that FedRAMP has set the requirements for high impact levels, that breaks open the remaining 50% of the $80 billion a year the US Government spends on IT that could potentially move to the cloud securely. That’s huge!
Call to Action
This is your chance to have your voice heard! The FedRAMP PMO needs volunteers to participate in developing the JAB prioritization criteria as part of the FedRAMP Accelerated program. The PMO is partnering ACT-IAC to establish the benchmarks for the new JAB process, and you can be a part of developing the new criteria.
The JAB prioritization workstream will kick off on Wednesday, July 29th, culminating in a solidified document on Monday, July 25th. The workstream webinar will begin at 2 pm ET. Ashley Mahan, FedRAMP Evangelist, and Eric Adams, industry POC, will lead the sessions. ACT-IAC members should register here and non-members should register here.
In March 2016, the FedRAMP PMO unveiled the Accelerated program, a means to a faster, more transparent JAB authorization. In the Accelerated process, the JAB will prioritize and select the cloud systems it wishes to evaluate.
Any member of the federal government (employee and contractor), cloud service provider, industry, or others interested in the JAB prioritization criteria are invited to join these session. If you are interested in joining the JAB prioritization workstream, email info@FedRAMP.gov with the subject line “JAB Prioritization Workstream.” Please include your organization and contact information in the email.**
New Compliant CSPs!
The FedRAMP PMO is excited to announce six new FedRAMP Compliant systems and one FedRAMP Ready system!
|[AT&T Government Cloud](https://www.fedramp.gov/marketplace/compliant-systems/att-att-government-cloud/) received a JAB Provisional Authorization (P-ATO) on May 19, 2016. The AGC is designed to provision virtual hardware, storage, and networks for clients rapidly to use as an infrastructure upon which they can install or provision platform and software services. By the AGC utilizing virtualization technologies, the risk of investment for Federal clients is reduced. By hosting all virtual elements on a secure, fully integrated, highly configurable, and easily expanded hardware platform, AGC will greatly reduce Assessment and Authorization (A&A) approval cycles for Federal clients for their own-hosted systems, as a result of the significant number of inheritable controls provided by this underlying infrastructure.|
|[1901 Group](https://www.fedramp.gov/marketplace/compliant-systems/1901-group-llc-in3sight-service-system-i3ss-in3sight/) is now a FedRAMP Compliant Agency ATO package sponsored by the Small Business Administration (SBA). The 1901 Group SaaS Managed Service Provider (MSP) offering is described within 1901 Group’s Information Technology Service Catalog that encompasses network, unified communications, security, storage, compute and application solutions on an as a Service basis. I3SS provides standardized processes, services and technology to customers via an accredited platform, resulting in stable and reliable IT environments, as well as timely, accurate and meaningful monitoring and management information for decision making, and integrated analytics that improve efficiency.|
|[TIBCO](https://www.fedramp.gov/marketplace/compliant-systems/tibco-tibbr/) is now a FedRAMP Compliant Agency ATO package sponsored by the U.S. Agency for International Development (USAID). TIBCO tibbr enables users to post news and updates, ask questions, make announcements, or share ideas using a familiar, social network user interface, while restricting who can see the posts to just specific individuals, certain groups, or the whole agency, depending upon the use case and privacy required.|
|[Knight Point Systems](https://www.fedramp.gov/marketplace/compliant-systems/knight-point-systems-cloudseed/) is now a FedRAMP Compliant CSP-Supplied package. The KPS Federal Community Cloud is an off-premise IaaS solution that leverages Cisco hardware, world-class Equinix facilities, and open-source technology to provide compute, storage, and network resources to Federal customers in a secure manner.|
|[Skyhigh Networks](https://www.fedramp.gov/marketplace/compliant-systems/skyhigh-cloud-access-security-broker-for-government/) is FedRAMP Compliant with a CSP-Supplied package. Skyhigh Cloud Access Security Broker for Government provides a Software as a Service (SaaS) offering which helps agencies gain visibility into their cloud usage and risks, meet compliance requirements, enforce security policies, and detect and respond to potential threats.|
|[Qualys](https://www.fedramp.gov/marketplace/compliant-systems/qualys-qualys-cloud-platform/) is FedRAMP Compliant with a CSP-Supplied package. The Qualys Cloud Platform provides Qualys services to customers where customers can continuously monitor their assets for vulnerabilities, compliance, and misconfigurations; automate remediation; and reduce organizational risk from their Qualys accounts via a secure interface, where all gathered data will be available for reporting and remediation.|
|<img class="wp-image-49851 size-full aligncenter" src="https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2016/05/cloud-gov_logo.png"width= "1000", height = alt="cloud-gov_logo" width="2000" height="1166" srcset="https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2016/05/cloud-gov_logo.png 2000w, https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2016/05/cloud-gov_logo-300x175.png 300w, https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2016/05/cloud-gov_logo-768x448.png 768w, https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2016/05/cloud-gov_logo-1024x597.png 1024w" sizes="(max-width: 2000px) 100vw, 2000px" />||[18F's Cloud.gov](https://www.fedramp.gov/marketplace/fedramp-ready-systems/18f-cloud-gov/) is now FedRAMP Ready. [cloud.gov](http://cloud.gov/) provides a Platform-as-a-Service (PaaS) based on Cloud Foundry, enabling instant provisioning of services and environments, easy deployment of applications, and rapid scaling to match demand.|
FedRAMP now has 72 FedRAMP Compliant CSP systems! A complete list can be viewed here
FedRAMP Accelerated Process
On March 28, 2016, FedRAMP announced the new FedRAMP Accelerated process, which includes significant modifications to how FedRAMP Joint Authorization Board (JAB) Provisional Authorizations (P-ATO) are conducted. The goal of the new process is to provide a significantly faster, more predictable timeline for Cloud Service Providers (CSPs) seeking to have their packages assessed as FedRAMP Authorized.
Updates to FedRAMP Templates
On Monday, June 27th FedRAMP will be releasing updates to our templates to add some “ease of use” features as well as ensure all of the templates reflect the different authorization levels (low, moderate, high) that CSPs can pursue through FedRAMP.
We’ve been on an amazing journey together. For the past few months, you’ve followed FedRAMP’s Agency Roadshow and #WheresAshley campaigns as I’ve visited agencies, CSPs, 3PAOs and the public. And what a ride it’s been! In the past month, Govloop, FCW, and Federal Times published great articles about FedRAMP’s agency outreach. I’ve spoken at federal cloud panels across Washington, D.C., including RedHat’s Government IT panel held just last week.