Goodrich: 'FedRAMP high' baseline coming soon
- By Troy K. Schneider
- Jan 22, 2015
Federal Risk and Authorization Management Program Director Matthew Goodrich said Jan. 22 that a draft baseline for cloud computing systems that require FISMA high-impact level security is nearly ready for public comment.
Addressing an audience of about 200 FedRAMP-focused government and industry personnel at an FCW-sponsored event in Washington, D.C., Goodrich said the "FedRAMP high" draft would be published Jan. 27.
Currently, FedRAMP authorizes systems only at the low- and moderate-impact levels set by the Federal Information Security Management Act. But adding high-impact cloud systems is part of the FedRAMP roadmap, and Goodrich said his office is also open to establishing other baselines if there is sufficient agency demand.
For example, the National Institute of Standards and Technology's 800-series standards for FISMA compliance allow the impact levels for a system's availability, confidentiality and integrity to be set separately, but Goodrich said that FedRAMP is currently locked in a "Low-low-low, medium-medium-medium, high-high-high."
If there was the need for a baseline that hit high-impact standards only for, say, confidentiality, Goodrich said, "we're not closed off to the idea."
Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.