New FedRAMP Compliant CSPs!
The FedRAMP PMO is excited to announce a new FedRAMP compliant cloud system!
FedRAMP now has 34 compliant CSP systems! A complete list of all FedRAMP compliant CSPs can be viewed here.
Agencies Must Validate Federal Cloud Systems
The FedRAMP PMO works with the Office of Management and Budget (OMB) to ensure Federal agencies are authorizing the cloud systems they use through the FedRAMP process. All Federal agencies must use the FedRAMP process for security assessments, authorizations, and continuous monitoring of cloud services. To confirm that agencies are following this process, agencies must validate compliance for ALL of their cloud services through the FedRAMP PMO. This applies to ALL deployment models (public, private, hybrid, community) and ALL delivery models (infrastructure, platform, software).
There are two key elements that must be validated by the FedRAMP PMO:
- Agency ATO letters
- Security Authorization Packages
Thank You for Your Comments!
Draft FedRAMP-TIC Overlay Public Comment Period Ended
Thank you to everyone who submitted comments for the draft FedRAMP-TIC Overlay. The 30-day public comment period ended on May 2, 2015. In total, the PMO received 303 comments from 15 Federal agencies and 8 Cloud Service Providers (CSPs). This DRAFT overlay is the first step in updating TIC’s current reference architecture to allow for greater flexibility as agencies move to the cloud securely. The overlay will enable mobile users to connect directly to Federal cloud systems without utilizing a TIC Access Provider (TICAP) or Managed Trusted IP Service (MTIPS).
The PMO will continue to provide updates about the FedRAMP-TIC overlay as the initiative progresses.
FedRAMP Tip: The Power of Asking ‘How?’
When documenting a control implementation, the ‘how’ is crucial. Before you start writing control implementations, find out how something is done. Asking ‘how’ enables the writer to explain in detail the functions and parameters of each control. Ask an expert if you are unsure how something works. For example, if you are writing about how to link TACACS+ to AD and are unsure about that process, take some time to ask a subject matter expert (SME) how it is done. Document the steps and then turn them into a paragraph. A well-written and detailed control implementation is easily tested, which leads to a better path to authorization.
FedRAMP in the News
- FedRAMP should consider cloud-broker model, ExecutiveBiz
- Waiting on brokers, don’t hold your breath, FierceGovernment IT
- Matt Goodrich on FedRAMP in the year ahead, cloud barriers at agencies, ExecutiveGov
- Cloud brokers, the sequel, FCW.com
- Potomac Officers Club’s FedRAMP Forum Panel talks cloud evolution in government, role of vendors in adoption, GovConWire
- Survey: Feds not seeing ROI on cybersecurity spending, Federal Times
- SafeLogic collaborates with Intel Security for Cloud Security World presentation on FedRAMP, IT Business Net
- Matt Goodrich: FedRAMP website updates on key info availability, stakeholder education, ExecutiveGov
- Commercial IT fuels DoD Information Environment, Armed with Science
- Congressional Cloud Computing Caucus Inaugural Report Provides Metrics and Insight on the State of Federal Cloud Computing Progress, Virtual-Strategy Magazine
- Meritalk launches three new FedRAMP-focused, cloud initiatives, BusinessWire
- BlackMesh Achieves Highest Cloud Security Authorization From The U.S. Federal Government, Host Review
- NIST’s New Cloud Security Guidance Puts Focus Beyond FedRAMP Baseline, ExecutiveGov
- NIST prepping more cloud security control guidance to complement FedRAMP, FierceGovernment IT
- TIC overlay just the beginning for FedRAMP, says Goodrich, FierceGovernment IT
- DISA grants provisional authorization for 23 cloud offerings, C4ISR & Networks
- DISA approves 23 commercial cloud services, Converge Network Digest
- DISA approves 23 cloud providers for unclassified data, Defense Systems
- DOD oks 23 cloud solutions for least sensitive data, NextGov
- Make cloud fit like a nice suit, FCW.com
- UMT360, Project Hosts Partner to Deliver Enterprise Portfolio Mgmt Through FedRAMP Cloud, ExecutiveBiz