
FedRAMP launches streamlined approvals for low-impact services


The Federal Risk and Authorization Management Program is now offering FedRAMP Tailored, a faster approval process for cloud service providers with low-impact software-as-a-service offerings.

The new baseline is based on a minimum set of security controls and designed to get applications to federal agencies in as little as four weeks. In an effort to ease the barrier to entry for CSPs, the baseline provides guidance on each of the security controls to help new vendors bring their technology into the government space.

"We want to make sure that the security for these systems is commensurate with the sensitivity of data in these systems," said FedRAMP Director Matt Goodrich. "We are looking at low-impact and low-risk use cases to help with things like communication, project management and open-source code development."

FedRAMP Tailored trims the number of security controls from 125 to 36, which Goodrich hopes will lower the front-end costs for vendors who want to do business with the federal government. Goodrich said he sees the most interest in the new baseline coming from companies currently doing business with individual agencies but not at an enterprise-level scale.

The controls are based on requirements from the National Institute of Standards and Technology's Federal Information Processing Standards Publication 199 that are already in use by FedRAMP for low-, moderate- and high-impact cloud service provider baselines. 

The FedRAMP Tailored baseline for low-impact services is only the first of the program's efforts to adapt NIST's security controls for different types of systems based on use cases.

"The NIST framework allows us to tailor the security controls for systems based on the type of information going into them," Goodrich said. "We envision that there will be more tailored baselines coming out in the future." 

More information on the FedRAMP Tailored baseline requirements can be found here.

This article originally appeared in GCN.

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at sfriedman@gcn.com or followed on Twitter at @SaraEFriedman.
