FedRAMP launches streamlined approvals for low-impact services

The Federal Risk and Authorization Management Program is now offering FedRAMP Tailored, a faster approval process for cloud service providers with low-impact software-as-a-service offerings.

The new baseline is based on a minimum set of security controls and designed to get applications to federal agencies in as little as four weeks. In an effort to ease the barrier to entry for CSPs, the baseline provides guidance on each of the security controls to help new vendors bring their technology into the government space.

"We want to make sure that the security for these systems is commensurate with the sensitivity of data in these systems," said FedRAMP Director Matt Goodrich. "We are looking at low-impact and low-risk use cases to help with things like communication, project management and open-source code development."

FedRAMP Tailored trims the number of security controls from 125 to 36, which Goodrich hopes will lower the front-end costs for vendors who want to do business with the federal government. Goodrich said he sees the most interest in the new baseline coming from companies currently doing business with individual agencies but not at an enterprise-level scale.

The controls are based on requirements from the National Institute of Standards and Technology's Federal Information Processing Standards Publication 199 that are already in use by FedRAMP for low-, moderate- and high-impact cloud service provider baselines. 

The FedRAMP Tailored baseline for low-impact services is only the first of the program's efforts to adapt NIST's security controls for different types of systems based on use cases.

"The NIST framework allows us to tailor the security controls for systems based on the type of information going into them," Goodrich said. "We envision that there will be more tailored baselines coming out in the future." 

More information on the FedRAMP Tailored baseline requirements can be found here.

This article originally appeared in GCN.

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at sfriedman@gcn.com or follow her on Twitter @SaraEFriedman.
