Tag Archives: FedRAMP

FedRAMP, NIST Release 1st Version of Open Security Controls Assessment Language

The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector. The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster

Dave Zvenyach: GSA Plans to Invest in FedRAMP Process Automation

Dave Zvenyach, director of the General Services Administration's (GSA) Technology Transformation Services (TTS) organization, said the agency is looking to modernize Federal Risk and Authorization Management Program (FedRAMP) processes with automation technology. Zvenyach noted that FedRAMP, which set a standardized assessment and certification approach for cloud offerings, generates nonlinear costs as the agency onboards more providers into the program.

FedRAMP Issues Guidance on Remote Data Center Testing

The Federal Risk and Authorization Management Program (FedRAMP) is permitting remote testing of certain data centers run by cloud service providers. “All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing,” the blog post states.

Brian Conrad: FedRAMP to Implement Threat-Based Scoring in Security Control Assessments

Brian Conrad, acting director of the Federal Risk and Authorization Management Program, said FedRAMP wants to apply a threat-scoring methodology to evaluate security controls. Conrad said FedRAMP is working to implement the fifth control catalog revision of the National Institute of Standards and Technology's Special Publication 800-53.

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

FedRAMP Issues Guidance for Container-Based Cloud Vulnerability Scanning

The Federal Risk and Authorization Management Program (FedRAMP) has released a document for vulnerability scanning procedures involving container technology for cloud environments. The Vulnerability Scanning Requirements for Containers guidance details standards for security considerations, processes and architectures in line with the assessments of cloud service providers during a technical exchange meeting. 

StateRAMP to Open Membership Registration for Cloud Security Vetting Initiative in April

Not-for-profit organization StateRAMP will begin membership registrations for its program aimed at helping vendors and agencies comply with cloud security standards (CSP) next month, GCN reported Tuesday. CSPs must undergo a readiness assessment to validate security controls and determine their potential to pass full FedRAMP assessments within a two- to four-week period.

GSA’s Dave Zvenyach on Digital Services Unit’s Role in Assisted Acquisition, Government Service Transformation

Dave Zvenyach, director of the General Services Administration’s (GSA) Technology Transformation Services (TTS) unit, has said that TTS has been making progress in its programs and execution of assisted acquisition authorities. TTS and the 18F digital services unit are partnering for assisted acquisition efforts to support agencies like the Department of Health and Human Services’ (HHS) Administration for Children and Families.

GSA Launches Updated FedRAMP Website; Ashley Mahan Quoted

The General Services Administration (GSA) has redesigned the website for the Federal Risk and Authorization Management Program (FedRAMP) in a move to promote the use of cloud technologies to streamline online operations. GSA said Tuesday that the updated FedRAMP website is aimed at providing easy access to information on authorization procedures while simplifying the online experience through search and filter functions.

Lumen Technologies Names Nick Andersen as Public Sector CISO

Lumen Technologies has appointed Nick Andersen as chief information security officer (CISO) for the public sector, where he will work to ensure the company’s cybersecurity and IT products meet the federal government’s security requirements and risk management standards. Andersen will report to Zain Ahmed, regional VP for Lumen’s federal business.
