Tag Archives: Federal Risk Authorization Management Program

Brian Conrad: FedRAMP to Implement Threat-Based Scoring in Security Control Assessments

Brian Conrad

Brian Conrad, acting director of the Federal Risk Authorization Management Program, said FedRAMP wants to apply a threat-scoring methodology to evaluate security controls. Conrad said FedRAMP is working to implement the fifth control catalog revision of the National Institute of Standards and Technology's Special Publication 800-53.

Read More »

NIST, FedRAMP Developing Programming Language to Help Automate Cloud Security Assessments

Cloud Security

The Federal Risk Authorization Management Program (FedRAMP) is working with the National Institute of Standards and Technology (NIST) to implement a universal programming language that can help accelerate cloud certification and drive automation in government operations. “What normally would take an assessor weeks to do, an OSCAL tool can perform in seconds,” said David Waltermire

Read More »

OIG Discovers Management Concerns in GSA, Lists Recommendations

The General Services Administration's Office of Inspector General provided six recommendations addressing the agency's management concerns for fiscal year 2019. OIG said in an audit report that GSA should create a control to validate upcoming termination rights for leases, implement a timely execution method and quantify potential losses in line to vacant spaces.

Read More »

GSA Releases FedRAMP Readiness Assessment Report Template for Cloud Providers, 3rd-Party Auditors

The General Services Administration has created a pre-audit template for cloud service providers and third-party assessment organizations to demonstrate a CSP’s readiness to go through the Federal Risk and Authorization Management Program certification process. FedRAMP Director Matt Goodrich wrote in a blog entry posted Tuesday that GSA released the FedRAMP Readiness Assessment Report template as …

Read More »

FedRAMP Team Aims to Cut Readiness Assessment Time for Cloud Vendors; William Hamilton, Claudio Belloli Comment

The Federal Risk Authorization Management Program team seeks to revamp the readiness assessment process for cloud service providers in an effort to help reduce wait times for vendors seeking authorization, Federal News Radio reported Friday. Meredith Somers writes William Hamilton, FedRAMP program manager for operations, and his team currently work …

Read More »

DISA to Reexamine Cloud Security Review Criteria; David Bennett Comments

The Defense Information Systems Agency is reexamining its established rules for the security review of commercial cloud systems that it vets for the Defense Department, Federal News Radio reported Thursday. Jared Serbu reports that DISA is revisiting the guidelines set in December, which were based on the Federal Risk Authorization Management Program and included additional …

Read More »