Home / News / FedRAMP Seeks Comments on ‘Tailored’ Baseline for Low-Risk Cloud Services

FedRAMP Seeks Comments on ‘Tailored’ Baseline for Low-Risk Cloud Services

The Federal Risk and Authorization Management Program seeks public feedback on a draft “tailored” baseline meant to accelerate the authorization of low risk cloud services for government use.

FedRAMP said Thursday the Tailored baseline will cover minimum security control requirements for low-impact cloud offerings and that authorizing officials could identify additional security controls if needed.

The proposed baseline will focus on cloud services such as collaboration tools, project management and open source development.

Cloud offerings could qualify for FedRAMP Tailored if they are fully functional, software-as-a-service platforms that meet the low-security impact definition of the Federal Information Processing Standard Publication 199.

Cloud services must also hosted in an existing FedRAMP-authorized infrastructure and operate without requiring personally identifiable information to be eligible for Tailored.

FedRAMP collaborated with the Office of Management and Budget, the National Institute of Standards and Technology and the Joint Authorization Board to create the draft tailored approach.

The General Services Administration-led program will gather public input through March 17.

Check Also

CISA Issues Warning on Email Phishing Attacks

The Cybersecurity and Infrastructure Security Agency is urging the public to be cautious of emails that look similar to National Cyber Awareness System notifications and contain malicious threats. CISA said Tuesday that the email phishing scam deploys a spoofed email address and tricks users into downloading malware through attachments that mimic Department of Homeland Security alerts.

Leave a Reply

Your email address will not be published. Required fields are marked *