
FedRAMP High Baseline Requirements Published



The Federal Risk and Authorization Management Program (FedRAMP) Project Management Office officially released its High baseline for High impact-level systems. This baseline is at the High/High/High categorization level for confidentiality, integrity, and availability in accordance with FIPS 199, and is mapped to the security controls in the NIST SP 800-53, Rev. 4 catalog. Previously, the FedRAMP authorization process was designed only for low and moderate impact systems. The number of controls for each of the FedRAMP-defined system impact levels is presented below:

FedRAMP-High-Baseline-Blog

 

The release is the culmination of several months of work by the FedRAMP PMO, numerous agencies, cloud service providers and key stakeholders, who established the draft baseline, collected industry and federal comments, and completed pilot programs.

FedRAMP High Baseline
The establishment of the FedRAMP High Security baseline is critical for federal agencies to migrate more high-impact level data to the cloud. The High baseline is the strongest FedRAMP level to date, covering sensitive, unclassified data. According to FedRAMP Director Matt Goodrich, most of the information to be covered under the High baseline will be law enforcement data and patient health records. This should cover the needs of several civilian agencies, the Department of Defense (DoD), and the Department of Veterans Affairs (VA).

FedRAMP High Baseline Authorized Cloud Service Providers
The three Infrastructure-as-a-Service (IaaS) providers who participated in the FedRAMP High baseline pilot program and achieved Authorization are:

  • Microsoft’s Azure GovCloud
  • Amazon Web Services GovCloud
  • CSRA / Autonomic Resources’ ARC-P

Federal agencies are able to review these vendors' security packages through OMB MAX to begin using these services immediately.

Coalfire was one of the earliest Third Party Assessment Organizations (3PAO) in FedRAMP, providing FedRAMP assessment or advisory services to cloud service providers in pursuit of their FedRAMP P-ATO or Agency ATO. If you'd like to talk to one of our staff about the new FedRAMP High baseline or have questions about the FedRAMP process, please contact us.

Abel Sussman, Director, TAAS–Public Sector and Cyber Risk Advisory, Coalfire

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
