New Compliant CSPs!
The FedRAMP PMO is excited to announce six new FedRAMP Compliant cloud systems!
|IT-CNP, Inc. received a JAB Provisional Authorization on July 23, 2015.IT-CNP’s FedRAMP JAB-authorized GovDataHosting Cloud Platform (GCP) is delivered as FISMA-compliant Infrastructure-as-a-Service (IaaS) offering using multi-tenant Federal Government cloud and private cloud computing environment deployment models.|
|Microsoft received two Agency Authorizations. O365 through the U.S. Department of Justice (DOJ) in July 2015, and CRM Online through Housing and Urban Development (HUD).*Microsoft Office 365 with ITAR Support is a dedicated software-as-a-service offering that includes Microsoft Exchange Online, Microsoft SharePoint® Online, and Microsoft Lync Online. Customers can subscribe to one or more of the three services offered.Microsoft Dynamics CRM is a Customer Relationship Management software package developed by Microsoft. The Dynamics CRM Online allows users to coordinate workflow and develop metrics for the sales and marketing efforts within an organization.|
|Softlayer received an Agency Authorization through the Federal Communications Commission (FCC) in July 2015.*The SoftLayer Federal Cloud (SFC) is a high performance, high security, Infrastructure-as-a-Service Cloud provided by SoftLayer Technologies, Inc. SFC makes use of a unique managed and automated cloud service provider architecture layer (a multi-faceted Infrastructure-as-a-Service (IaaS) Cloud) that provides a variety of cloud-based services.|
|Adobe Systems received an Agency Authorization through Department of Health and Human Services (HHS) in July 2015 for its Adobe Managed Services (AEM, Connect, LiveCycle).*|
|Decision Lens received an Agency Authorization through Centers for Medicare and Medicaid Services (CMS).The Decision Lens Software is a cloud-based prioritization and resource optimization software solution. The Decision Lens Software system enables organizations to make critical decisions in Research and Development (R&D), capital planning, Information Technology (IT) portfolio planning, and budget optimization.|
|ConnectSolutions received an Agency Authorization through United States Citizenship and Immigration Services (USCIS).** The ConnectSolutions FedRAMP Meeting Cloud deploys and manages mission-critical collaboration solutions, and MeetingCloud is a managed private-cloud service that utilizes Adobe Connect and Microsoft Skype for Business. This cloud solution is primarily intended to support application hosting and services for government agency customers. The service is designed to allow for rapid growth and ease of management for any number of government customers and any sized government organization by providing dedicated cloud deployments of Adobe Connect for each government customer.|
- These packages are currently in PMO review, but are available for Federal agency use.
FedRamp now has 45 compliant CSP systems! A complete list of all FedRAMP compliant CSPs can be viewed here.
src=”https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2015/06/newsletter_lightbulb.png” alt=”newsletter_lightbulb” width=”70” height=”70” srcset=”https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2015/06/newsletter_lightbulb.png 268w, https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/482/2015/06/newsletter_lightbulb-150x150.png 150w” sizes=”(max-width: 70px) 100vw, 70px” />
What is FedRAMP Ready?
“How do I become FedRAMP Ready?”
If you’re a Cloud Service Provider (CSP), then you might have asked this question. Or possibly you submitted this question to the PMO thinking FedRAMP Ready is a potential path to authorization. Becoming FedRAMP Ready is a key step in becoming FedRAMP compliant, but it is not a final determination. But if you plan on becoming FedRAMP compliant, then understanding the FedRAMP Ready designation is necessary. Read the full story.
INVITE: High Baseline Tiger Team
The Federal Risk and Authorization Management Program (FedRAMP) is looking for Government volunteers to join the High Baseline Tiger Team. This team will adjudicate the public commentary received for the draft High Baseline in January 2015.
The Tiger Team will develop a series of recommendations for changes to the high baseline. The team’s focus will be to review all comments received during the public comment period. The Tiger Team will adjudicate the comments in preparation for a second round of public comment on the draft baseline. Read the full story.
FedRAMP PMO releases three new documents
FedRAMP has released new three new documents which pertain to Federal agencies, Cloud Service Providers (CSPs), and Third-Party Assessment Organizations (3PAOs).
- The FedRAMP General Document Acceptance Criteria outlines the standards and quality which FedRAMP expects for all documents submitted to the program.
- The P-ATO Management and Revocation Guide lays out the escalation process and procedures FedRAMP will take when a CSPs fails to maintain the Continuous Monitoring requirements of a Provisional Authority to Operate (P-ATO).
- The 3PAO Obligations and Performance Guide details how FedRAMP ensures all accredited 3PAOs are meeting the same quality, independence, and knowledge requirements.
All three documents are available on the FedRAMP website.
FedRAMP 3PAO Requirements Webinar
The PMO hosted webinar on July 28th from 11 am to 12 pm EST on the DRAFT FedRAMP 3PAO Accreditation Requirements. If you missed the live webinar, you can listen to the recorded version on the FedRAMP website.
FedRAMP is requesting feedback on an updated, DRAFT version of the 3PAO Accreditation Requirements. This DRAFT updates FedRAMP’s current 3PAO requirements which originated in 2010. As a growing program, FedRAMP has recognized the need to update these requirements to improve the quality of 3PAO assessment documentation, assessment team training, and oversight of accredited organizations. Once finalized, these requirements will be used by the American Association of Laboratory Accreditors (A2LA) to review 3PAO applicants and evaluate currently accredited 3PAOs for inclusion within the FedRAMP 3PAO Program. Read the full public comment solicitation.
Online SSP Training Unveiled
On July 8, FedRAMP unveiled its latest training course titled “FedRAMP System Security Plan (SSP) Required Documents (200-A).” This new training course is mandatory for all companies that wish to submit an Authorization package. This course will familiarize you with the required documentation for initial package submission. This is the second course in the FedRAMP training series and more will be released in the coming months.
Newly Accredited 3PAOs
The FedRAMP PMO is happy to announce the addition of four Third-Party Assessment Organizations (3PAOs) to our growing directory!
- Cylance, Inc.
- Emagine IT
- Excentium, Inc.
- Information Technology Company (ITC)
- Price and Associates CPAs, LLC
View a full listing of FedRAMP accredited 3PAOs here.
FedRAMP in the News:
- Birst offers enterprise BI platform(GCN.co)
- Cylance approved as Federal Cloud Systems Inspector (Executive Biz)
- FedRAMP and PCI , a comparison of scanning and penetration testing requirements(Brightline)
- Can states take advantage of FedRAMP (GCN.com)
- After FedRAMP, Trust, but verify (GCN.com)
- Goodrich: Agencies get better through FedRAMP than they do with in-house systems (FierceGovernmentIT)
- Centrify clears first FedRAMP hurdle, on track to attain full compliance 2015 (Virtual-Strategy Magazine)
- 38 Cloud offerings from industry hold FedRAMP-compliant status (ExecutiveBiz)