FedRAMP

U.S. federal agencies have been directed by the Office of Management and Budget[1] to use a process called FedRAMP (Federal Risk and Authorization Management Program) to assess and authorize federal cloud computing products and services.

The second Chief Information Officer of the United States, Steven VanRoekel, issued a memorandum to federal agency Chief Information Officers on December 8, 2011, defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in cloud environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Accreditation Board (JAB) consisting of Chief Information Officers from DoD, DHS, and GSA.

The JAB is responsible for establishing accreditation standards for the Third Party Accreditation Organizations (3PAOs) that perform the assessments of cloud solutions. The JAB also reviews authorization packages and may grant provisional authorization (to operate). The federal agency consuming the service still has final responsibility for the final authority to operate.[2] Participating vendors sell a variety of hosting services and Software as a Service packages, and several 3PAOs provide accreditation services to other vendors.

Notable 3PAOs include:

References

  1. "About FedRAMP". U.S. General Services Administration. 2012-06-13. Retrieved 2015-05-06.

This article is issued from Wikipedia - version of the Wednesday, February 10, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.