Cloud

Goodrich: 'FedRAMP high' baseline coming soon

Shutterstock image: cloud infrastructure.

Federal Risk and Authorization Management Program Director Matthew Goodrich said Jan. 22 that a draft baseline for cloud computing systems that require FISMA high-impact level security is nearly ready for public comment.

Addressing an audience of about 200 FedRAMP-focused government and industry personnel at an FCW-sponsored event in Washington, D.C., Goodrich said the "FedRAMP high" draft would be published Jan. 27.

Currently, FedRAMP authorizes systems only at the low- and moderate-impact levels set by the Federal Information Security Management Act. But adding high-impact cloud systems is part of the FedRAMP roadmap, and Goodrich said his office is also open to establishing other baselines if there is sufficient agency demand. 

For example, the National Institute of Standards and Technology's 800-series standards for FISMA compliance allow the impact levels for a system's availability, confidentiality and integrity to be set separately, but Goodrich said that FedRAMP is currently locked in a "Low-low-low, medium-medium-medium, high-high-high." 

If there was the need for a baseline that hit high-impact standards only for, say, confidentiality, Goodrich said, "we're not closed off to the idea."

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


Featured

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

  • Defense
    Dana Deasy, DOD Chief Information Officer, hosts a roundtable discussion on the enterprise cloud initiative with reporters, Aug. 9, 2019, at the Pentagon, Washington, D.C. (DoD photo by Air Force Staff Sgt. Andrew Carroll)

    DOD CIO 'very confident' that White House influence didn't guide JEDI award

    At his Senate confirmation hearing, Defense Department CIO Dana Deasy said the department's $10 billion cloud contract was awarded by a team of experts.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.