Autonomic gets DOD FedRAMP OK
- By Frank Konkel
- Nov 14, 2013
Autonomic Resources, the first cloud provider to achieve compliance under the Federal Risk and Authorization Management Program (FedRAMP) back in December 2012, has now become the first to achieve additional security control required by the Department of Defense.
Autonomic announced it was issued a provisional authorization by the DOD on Nov. 12 for its Autonomic Resources Cloud Platform (ARC-P) infrastructure as a service offering, making it the only cloud provider offered for DOD-wide acceptance under the Defense Information Systems Agency (DISA) Enterprise Cloud Service Broker catalog.
After ARC-P achieved FedRAMP compliance, it was further assessed using the DOD cloud security model, taking into account an additional 23 controls and enhancements from third revision of the National Institute of Standards and Technology Special Publication 800-53. According to Autonomic, ARC-P is now authorized at DOD Impact Levels 1 and 2, meaning it is approved for unclassified public information and unclassified private information.
"ARC-P is yet again first in security authorizations that are meaningful to our government cloud customer," said John Keese, President and CEO of Autonomic Resources.
"The ability to leverage our FedRAMP Provisional ATO, granted by the Joint Authorization Board, assisted DOD in rapid approval, something that would have been much more difficult with a single agency FedRAMP compliant ATO," Keese added in a statement. "Additionally, ARC-P is ready for authorization at Impact Levels 3 and 4 once finalized by DISA, and Level 5 by early 2014."
A provisional authorization is an initial approval for a cloud service provider's platform by the DISA Designated Accrediting Authority. That body can then use the provisional authorization to grant specific customers an authority to operate.
Thus far, 10 providers have achieved FedRAMP compliance, including Autonomic. The FedRAMP Joint Authorization Board has granted seven other cloud providers provisional authority to operate: Akamai, AT&T, CGI Federal, Hewlett-Packard, IBM, Lockheed Martin and Microsoft.
Meanwhile, the Health and Human Services department bestowed FedRAMP certification on Amazon Web Services' GovCloud and US East/West offerings, while the Agriculture Department certified its own National Information Technology Center.
Frank Konkel is a staff writer covering big data, mobile, open government and a range of science/technology issues. Connect with him on Twitter at @Frank_Konkel.