What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a framework that saves an estimated 35% of government costs, as well as both time and staff. FedRAMP is the result of collaboration between cybersecurity and cloud experts from the General Services Administration, National Institute of Standards and Technology (NIST), Department of Homeland Security, Department of Defense, National Security Agency (NSA), Office of Management and Budget, the Federal Chief Information Officer Council and its working groups, as well as private industry.
FedRAMP authorizes cloud systems in a three step process:
~ Security Assessment: The security assessment process uses a standardized set of requirements in accordance with
FISMA using a baseline set of NIST 800-53 controls to grant security authorizations.
~ Leveraging and Authorization: Federal agencies view security authorization packages in the FedRAMP repository
and leverage the security authorization packages to grant a security authorization at their own agency.
~ Ongoing Assessment & Authorization: Once an authorization is granted, ongoing assessment and authorization
activities must be completed to maintain the security authorization.
What This Means To You
Cloud computing is here to stay. Data center and cloud providers are seeing the direct impact that they can make on both private, public and government platforms. The FedRAMP program is a very comprehensive outline of what it takes to be a secure provider. However, the evaluation process is quite in depth.
Here are a few examples as outlined by the FedRAMP program.
~ Amazon AWS GovCloud. This IaaS platform helps deliver a government community cloud infrastructure.
~ Windows Azure public cloud solution. As both an IaaS and PaaS solution, Microsoft has created a dynamic offering
aimed directly at supporting government IT projects.
~ IBM SmartCloud for Government (SCG). A IaaS model that is capable of supporting a variety of government
Do I Need to be on the Cloud?
Organizations of all sizes are hoping on the cloud bandwagon. New types of services are being delivered from a variety of digital systems, which mean, security plays a big role.
Ultimately, the question is this: why sign up for FedRAMP?
~ Increases re-use of current security assessments across agencies
~ Saves s cost, time and resources
~ Improves real-time security visibility
~ Provides a standard approach to risk-based management
~ Enhances transparency between government and cloud service providers
~ Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization
FedRAMP Risk Assessment and Gap Assessment
As part of FedRAMP, your organization is required to have a formal risk assessment from a qualified 3rd party firm. Our comprehensive assessments are designed to help you prepare for your FedRAMP audit, and our patented risk management methodology will save your company time and money by creating a customized control framework mapping, designed specifically for your organization.
FedRAMP Penetration Test
NightLion Security provides the advanced penetration testing services for web applications, databases, and internal infrastructure needed to protect your sensitive cardholder data and comply with FedRAMP.
FedRAMP Compliance Guide in XLS / CSV format
Check us out at www.securitycheckbox.com