FedRAMP – the Federal Risk and Authorization Management Program – is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers (CSPs).
Is Your Organization Prepared?
An assessment for FedRAMP must be conducted by an accredited FedRAMP Third-Party Assessment Organization (3PAO), such as Coalfire. If you’re seeking to expand your cloud services into government markets, a FedRAMP Authorization to Operate (ATO) is a must-have to sell to the government in a compliant manner.
Who is Affected?
The Federal Risk and Authorization Management Program (FedRAMP) is a result of the Administration’s ‘Cloud First’ Policy, established in 2010, which provides a known set of federal security requirements that cloud service providers (CSPs) must adopt in order to be eligible to host government data. As of June 2014, all CSPs that deliver, or plan to deliver, services to the federal government are required to obtain FedRAMP certification. Let’s take a look at what this means for CSPs and federal agencies.
What You Need to Do - and How MDS Can Help:
The FedRAMP certification process can be lengthy and complicated. It takes 6 to 12 months to complete an application, which is followed by an independent third-party evaluation. Both phases of the process must be completed successfully in order to obtain certification.
FedRAMP offers a clearinghouse to determine which providers are most suitable for multi-agency use, and the process is designed to find solutions that align with many different agency needs. The needs of one agency may not reflect what another agency requires; FedRAMP certification provides a well-vetted selection of CSPs for all federal agencies to choose from.
Yes, FedRAMP has been around for a while – and there’s a good bit of confusion. You can read the Manual, but at 73 pages and growing, it’s not exactly a page turner. There are three flavors of approved FedRAMP CSPs. So far, it’s believed there are 11 cloud service providers (10 industry and 1 USDA) that have gone through the process.
Don't Wait Until the Last Minute to Meet New Compliance Standards!
Contact MDS today to receive expert guidance on how to get your security program up and running.
Building out and maintaining your IT ecosystem doesn’t have to be a do-it-yourself project. MDS can help identify network issues, configure devices, and optimize your infrastructure to maximize efficiency and performance. Our consultants are highly trained technology specialists who understand the complexities of multi-vendor environments and have the knowledge and skills to help your business become more agile, customer-focused and operationally efficient.