Skip to main content

September 2015 FedRAMP PMO Newsletter

New Compliant CSPs!

The FedRAMP PMO is excited to announce a new FedRAMP Compliant cloud systems!

 Esri logo Esri received an Agency Authorization through the U.S. Census Bureau on September 4, 2015.** Esri Managed Cloud Services provides organizations with ready-to-use instances of ArcGIS running in the cloud and includes the infrastructure (facilities, hardware, network, and security), the software (Esri and third party), application deployment, testing, ongoing data management (data updates, backup, and archive), technical support, monitoring, and supporting 24/7 Security Operations Center.

FedRamp now has 48 FedRAMP Compliant CSP systems! A complete list of all FedRAMP Compliant CSPs can be viewed here.

**Most government agencies would be safer, would be better off, to move all of their traffic right now to FedRAMP-compliant providers, that are cloud service providers, than to keep it in-house because they are being held to a much higher standard than the government agencies.”**~ Richard Spires, former DHS Chief Information Officer

Updated Revision 4 Transition Guide

The FedRAMP PMO has updated the Revision 4 Transition Guide. The updated guide sets a hard deadline for all Cloud Service Providers (CSPs) to transition to the National Institutes of Standards and Technology (NIST) Revision 4 standards. Beginning January 1, 2016 will only accept materials aligned to the Revision 4 standards. Any Revision 3 documentation submitted to the PMO after that time will not be accepted.

The FedRAMP website currently contains Revision 4 transition guidance and templates. An updated FedRAMP Revision 3 to Revision 4 Annual Assessment Control Template and Revision 4 Test Cases are available on the Templates section of the website. Please update all documents through the OMB MAX Secure Repository. The FedRAMP PMO and ISSOs as well as your Agency are available for questions and concerns during this transition period. Please contact the PMO at

High Baseline Public Comments

There have been many inquiries about the status of the FedRAMP High Baseline. The FedRAMP PMO is able to provide the following information about the High Baseline:

  • A second round of public comments for the FedRAMP High Baseline will be released in November 2015 for 15 days.

  • The High Baseline is planned to be finalized and released in December 2015.

Earlier this month, the FedRAMP PMO conducted a series of tiger team meetings with High Impact system owners and agency leads to adjudicate the first round of public comments solicited in January of this year. The second round of public comments will provide summary details for each control that had comments and the disposition of those comments from the tiger teams and the JAB.

The second round of public comments will be released for a shorter period of time , 15 days , so CSPs and agencies alike should be prepared to provide any final comments.

Coming Soon: Review and Approve Training Module

As part of our ongoing training series, the FedRAMP PMO will unveil a new training module in early October. This module focuses on the newly implemented Review and Approve (R&A) process. This training describes the end-to-end R&A process, beginning with first contact by an Applicant (Cloud Service Provider [CSP] or Agency) through posting of the Authorization Package in the FedRAMP Secure Repository. The FedRAMP PMO has redesigned the application process to the FedRAMP Program to be more efficient, structured, and scalable. Read the whole story.

FedRAMP in the News

Upcoming Events

Page of