The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings.
The guidance document provides CSPs with information on how to illustrate their cloud services’ authorization boundary, network interconnections and data flow diagrams, FedRAMP said Wednesday.
The document presents an overview of definitions of several terms, including authorization boundary, federal information, federal metadata, interconnections and external services, outlined in the Office of Management and Budget A-130 and National Institute of Standards and Technology Special Publication 800-37 and SP 800-53.
The FedRAMP Program Management Office and Joint Authorization Board also offered guidance on how CSPs should approach and handle such terms. For example, service providers should include in an authorization boundary all federal data, including metadata, generated by a federal customer within the cloud service offering.
Public comments are due Sept. 13.