Tag Archives: Federal Risk and Authorization Management Program

FedRAMP Revises Cloud Security Package Training Materials

The Federal Risk and Authorization Management Program (FedRAMP) office has updated materials that educate companies about the requirements for developing a cloud security package. The revision of FedRAMP's System Security Plan Required Documentation training program is aimed at equipping and preparing stakeholders to handle package access requests, according to a blog post published Tuesday.

GSA Seeks to Automate Validation of FedRAMP Security Authorization Packages

The General Services Administration (GSA) will soon issue XML-automated validations to enable cloud services providers seeking an authority to operate to check whether all the required data is included in their security authorization packages prior to submission to the Federal Risk and Authorization Management Program (FedRAMP).

FedRAMP Issues Updated Guides for Developing Machine-Readable Authorization Packages

The Federal Risk and Authorization Management Program (FedRAMP) has released updated resources and conversion tools meant to help vendors and other stakeholders advance the digitization of FedRAMP authorization packages for commercial cloud services using a common machine-readable language. FedRAMP is also requesting comments on the machine-readable formats and further guidance.

FedRAMP Opens Draft Authorization Boundary Guidance for Public Comment

The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings. The guidance document provides CSPs with information on how to illustrate their cloud services' authorization boundary, network interconnections and data flow diagrams.

A2LA Updates Requirements for FedRAMP Assessors

The American Association for Laboratory Accreditation (A2LA) has unveiled updated requirements that are mandatory for third-party assessment organizations (3PAO) of the Federal Risk and Authorization Management Program (FedRAMP). The updated version of the R311 policy document features new requirements that will be effective immediately and considered in the next A2LA assessment of each 3PAO.

FedRAMP, NIST Release 1st Version of Open Security Controls Assessment Language

The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector. The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster

Dave Zvenyach: GSA Plans to Invest in FedRAMP Process Automation

Dave Zvenyach, director of the General Services Administration's (GSA) Technology Transformation Services (TTS) organization, said the agency is looking to modernize Federal Risk and Authorization Management Program (FedRAMP) processes with automation technology. Zvenyach noted that FedRAMP, which set a standardized assessment and certification approach for cloud offerings, generates nonlinear costs as the agency onboards more providers into the program.

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments. The Vulnerability Scanning Requirements for Containers guidance details standards for security considerations, processes and architectures in line with the assessments of cloud service providers during a technical exchange meeting. 

StateRAMP to Open Membership Registration for Cloud Security Vetting Initiative in April

Not-for-profit organization StateRAMP will begin membership registrations for its program aimed at helping vendors and agencies comply with cloud security standards (CSP) next month, GCN reported Tuesday. CSPs must undergo a readiness assessment to validate security controls and determine their potential to pass full FedRAMP assessments within a two- to four-week period.
