Tag Archives: Joint Authorization Board

FedRAMP Opens Draft Authorization Boundary Guidance for Public Comment

FedRAMP

The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings. The guidance document provides CSPs with information on how to illustrate their cloud services' authorization boundary, network interconnections and data flow diagrams.

Read More »

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

OCONUS Cloud Strategy

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for responding to emergency inquiries from FedRAMP, including those that are the result of the issuance of CISA Emergency Directives,” the document reads.

Read More »

ITIF Report: Congress, Administration Should Take Additional Steps to Improve FedRAMP

FedRAMP

An Information Technology and Innovation Foundation (ITIF) report says the Joint Authorization Board and the program management office for the Federal Risk and Authorization Management Program (FedRAMP) should require agencies to designate a FedRAMP liaison and conduct pilot programs to identify ways how to streamline the program to facilitate reviews and authorization of cloud services.

Read More »

Rep. Gerry Connolly Introduces Bill to Revamp FedRAMP Certification Process

Rep. Gerry Connolly, D-Va., has introduced a bill that would reform the government’s process for authorizing commercial cloud products and services through the Federal Risk and Authorization Management Program. Connolly’s office said Friday FedRAMP Reform Act of 2018 would also institute agency compliance measures and create new metrics to properly implement such measures. He noted …

Read More »

FedRAMP Revamps Website, Guidance for Cloud Providers

The Federal Risk and Authorization Management Program has refreshed its website to feature new guidelines and resource materials intended for agencies, third-party assessment organizations and cloud services providers, Homeland Security Today reported Tuesday. FedRAMP’s updated guidance includes digital identity requirements that are based on the National Institute of Standards and Technology as …

Read More »

FedRAMP Issues New Documents, Updates to Optimize Continuous Monitoring Process

The Federal Risk and Authorization Management Program has released new documents and updated existing guides in an effort to streamline, clarify and optimize its continuous monitoring processes. FedRAMP said Wednesday the new and updated documents integrate feedback from cloud service providers and Joint Authorization Board review teams. The documents are intended to clarify certain elements …

Read More »

18F Cloud Platform Gets FedRAMP Provisional Authorization

The General Services Administration’s 18F organization has received a provisional authority-to-operate under the Federal Risk and Authorization Management Program to offer a cloud platform to federal agencies. FedRAMP’s joint authorization board granted cloud.gov a moderate impact level P-ATO following the completion of a compliance and security evaluation in collaboration with third-party assessment organization Veris Group, according …

Read More »

FedRAMP Accelerated Program Seeks to Reduce Provisional Authorization Duration to 15 Weeks

Matt Goodrich, director of the Federal Risk and Authorization Management Program, has said the duration of the provisional authorization process for cloud service providers has been reduced from 104 weeks to 15 weeks under the FedRAMP Accelerated program. Goodrich wrote in a General Services Administration blog entry posted Thursday that the introduction of …

Read More »