Cloud

Goodrich: 'FedRAMP high' baseline coming soon

Shutterstock image: cloud infrastructure.

Federal Risk and Authorization Management Program Director Matthew Goodrich said Jan. 22 that a draft baseline for cloud computing systems that require FISMA high-impact level security is nearly ready for public comment.

Addressing an audience of about 200 FedRAMP-focused government and industry personnel at an FCW-sponsored event in Washington, D.C., Goodrich said the "FedRAMP high" draft would be published Jan. 27.

Currently, FedRAMP authorizes systems only at the low- and moderate-impact levels set by the Federal Information Security Management Act. But adding high-impact cloud systems is part of the FedRAMP roadmap, and Goodrich said his office is also open to establishing other baselines if there is sufficient agency demand. 

For example, the National Institute of Standards and Technology's 800-series standards for FISMA compliance allow the impact levels for a system's availability, confidentiality and integrity to be set separately, but Goodrich said that FedRAMP is currently locked in a "Low-low-low, medium-medium-medium, high-high-high." 

If there was the need for a baseline that hit high-impact standards only for, say, confidentiality, Goodrich said, "we're not closed off to the idea."

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.