FedRAMP issues last call for comments on high-baseline standards

The Federal Risk and Authorization Management Program wants final input from cloud service providers and other interested groups for the last draft of its most secure "high-baseline" cloud security standards.

That high baseline standard for FedRAMP is meant to ensure cloud service providers have secured their data centers to the level required for  sensitive unclassified data, like health records in cloud environments.

The General Services Administration released the final draft to industry and interested stakeholders on Dec. 21 and asked for responses by Jan. 8, 2016.

FedRAMP's initial high baseline draft was unveiled  in March 2015. In September, the FedRAMP program management office (PMO) convened a tiger team of high-impact system owners and agency leads to judge the first round of public comments.

The second round of comments generated by the just-released draft, FedRAMP officials said, will provide grist for further changes to the document.