Tag Archives: FedRAMP

FedRAMP Revises Cloud Security Package Training Materials


The Federal Risk and Authorization Management Program (FedRAMP) office has updated materials that educate companies about the requirements for developing a cloud security package. The revision of FedRAMP's System Security Plan Required Documentation training program is intended to equip and prepare stakeholders to handle package access requests, according to a blog post published Tuesday.


FedRAMP Seeks to Expedite Security Package Reviews With OSCAL Validation Rules


The Federal Risk and Authorization Management Program (FedRAMP) has issued Open Security Controls Assessment Language (OSCAL) validation rules to help automate reviews of security packages and speed up authorizations. The OSCAL validation rules will enable cloud service providers and third-party assessment organizations to perform self-testing to see whether all the required data is included in their security packages prior to submission to FedRAMP.


GSA Seeks to Automate Validation of FedRAMP Security Authorization Packages


The General Services Administration (GSA) will soon issue XML-automated validations to enable cloud service providers seeking an authority to operate to check whether all the required data is included in their security authorization packages prior to submission to the Federal Risk and Authorization Management Program (FedRAMP).


FedRAMP Issues Updated Guides for Developing Machine-Readable Authorization Packages


The Federal Risk and Authorization Management Program (FedRAMP) has released updated resources and conversion tools meant to help vendors and other stakeholders advance the digitization of FedRAMP authorization packages for commercial cloud services using a common machine-readable language. FedRAMP is also requesting comments on the machine-readable formats and further guidance.


FedRAMP Opens Draft Authorization Boundary Guidance for Public Comment


The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings. The guidance document provides CSPs with information on how to illustrate their cloud services' authorization boundary, network interconnections and data flow diagrams.


A2LA Updates Requirements for FedRAMP Assessors


The American Association for Laboratory Accreditation (A2LA) has unveiled updated requirements that are mandatory for third-party assessment organizations (3PAO) of the Federal Risk and Authorization Management Program (FedRAMP). The updated version of the R311 policy document features new requirements that will be effective immediately and considered in the next A2LA assessment of each 3PAO.


FedRAMP, NIST Release 1st Version of Open Security Controls Assessment Language


The Federal Risk and Authorization Management Program (FedRAMP) office and the National Institute of Standards and Technology (NIST) have introduced a machine-readable standard that works to automate the preparation, authorization and reuse of commercial cloud offerings for the government sector. The FedRAMP office expects OSCAL to help vendors prepare and review system security plans faster


Dave Zvenyach: GSA Plans to Invest in FedRAMP Process Automation


Dave Zvenyach, director of the General Services Administration's (GSA) Technology Transformation Services (TTS) organization, said the agency is looking to modernize Federal Risk and Authorization Management Program (FedRAMP) processes with automation technology. Zvenyach noted that FedRAMP, which set a standardized assessment and certification approach for cloud offerings, generates nonlinear costs as the agency onboards more providers into the program.


FedRAMP Issues Guidance on Remote Data Center Testing


The Federal Risk and Authorization Management Program (FedRAMP) is permitting remote testing of certain data centers run by cloud service providers. “All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing,” the blog post states.


Brian Conrad: FedRAMP to Implement Threat-Based Scoring in Security Control Assessments


Brian Conrad, acting director of the Federal Risk and Authorization Management Program, said FedRAMP wants to apply a threat-scoring methodology to evaluate security controls. Conrad said FedRAMP is working to implement the fifth control catalog revision of the National Institute of Standards and Technology's Special Publication 800-53.
