Security

9th vendor gets FedRAMP approval

cloud security

Another company has received the Federal Risk and Authorization Management Program (FedRAMP) seal of approval.

Akamai Technologies has been granted provisional approval to offer cloud services to the government after meeting the rigorous requirements of the government's standardized approach to security assessment for cloud services, becoming the ninth vendor to do so.

GCN, a sister publication of FCW, first reported the news Aug. 29, noting Akamai received the FedRAMp Joint Authorization Board's provision authorization, which involves "a thorough review by chief information officers of the General Services Administration, and Homeland Security and Defense departments."

Akamai was assisted through the FedRAMP process by Knowledge Consulting Group, a FedRAMP-accredited third-party assessment organization. Its certified and accredited offerings include content delivery, secure content delivery, HD streaming, NetStorage, global traffic management and enhanced Domain Name System.

GCN reported that 14 of the 15 Cabinet-level agencies already use Akamai's Intelligent Platform, but its FedRAMP approval encourages other agencies to use Akamai as a cloud service provider or as a front-end network to other FedRAMP cloud providers.

Five other cloud providers have been granted provisional authority in addition to Akamai: AT&T, Autonomic Resources, CGI Federal, Hewlett-Packard and Lockheed Martin. 

Three other cloud providers have been granted agency authority to operate, according to GCN: Amazon Web Services' GovCloud and US East/West offerings, each receiving authorization by the Health and Human Services Department earlier this year; and the Department of Agriculture's National Information Technology Center, which has also been granted an authority to operate by the USDA Office of the CIO – the only federal agency to meet FedRAMP's requirements thus far.

About the Author

Frank Konkel is a former staff writer for FCW.

Reader comments

Thu, Oct 3, 2013

The process, review, acceptable risk, and rigor is vastly different from a JAB FedRAMP P-ATO (independence, interactive 6+month review by technical and security experts from DHS, DOD and GSA - looking for secure CSPs that meet needs government-wide - and requires continuous monitoring) v. a short review of one agency's eyes for a specific application or service for a specific agency. Night and Day. Not even the FedRAMP website explains the difference well - but an agency should educate themselves thoroughly before signing on to anything less than a JAB FedRAMP P-ATO.

Tue, Sep 3, 2013 Peter Stark Washington, DC

The article states that Akamai is the 9th vendor to receive FedRAMP approval, then lists only five others. The other three are characterized as receiving "agency authority to operate," implying it's not the same as FedRAMP ATO (presumably being issued by an individual agency for its own enterprise). Then it concludes by stating that one of those three is the only federal agency to achieve FedRAMP approval. It doesn't seem like all those statements can be true. Does an agency ATO somehow equate to FedRAMP approval?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above