For federal departments and agencies, embracing cloud computing capabilities brings advantages and opportunities for increased efficiencies, cost savings, and green computing technologies. However, cloud computing also brings new risks and challenges: agencies must use these capabilities securely, as good stewards of government data.
The Federal Risk and Authorization Management Program (FedRAMP) has been established to provide a standard approach to Assessing and Authorizing (A&A) cloud computing services and products. FedRAMP allows joint authorizations and continuous security monitoring services for Government and Commercial cloud computing systems intended for multi-agency use. Joint authorization of cloud providers results in a common security risk model that can be leveraged across the Federal Government.
FedRAMP aims to standardize how the Federal Information Security Management Act (FISMA) applies to cloud computing services. FedRAMP offers a “do once, use many times” framework by employing a standardized approach to security assessment, authorization, and continuous monitoring of cloud-based services. Implementing the FedRAMP approach helps to reduce the cost of FISMA compliance. Federal agencies, including departments and offices, must ensure that all cloud systems use the FedRAMP security baseline by applying the FedRAMP Security Assessment Framework (SAF) when granting security authorizations under FISMA.
Datawiz was amongst the first Cybersecurity professionals to perform a Security Assessment on a Cloud Computing service provider for the Federal Government (Certification and Accreditation (C&A)). What we learned from this exercise is that having public knowledge of cybersecurity is crucial in securing individuals and our Nation. Datawiz is working with leading industry Cloud Computing providers to assist in meeting the new Federal Requirements.
Adopting the FedRAMP framework produces a better security posture and replaces multiple compliance assessments with a single uniform assessment and authorization: do once, use many times. It also provides real-time cloud security visibility, builds trust in the validity of assessments, and enhances transparency between government and cloud service providers. Ultimately, the FedRAMP program helps organizations and agencies save significant money and time.