Tech

FedRAMP releases high-security baseline for public comment

The baseline document lays out a litany of controls cloud service providers must check off before agencies can store highly sensitive data on their offerings.

By Greg Otto

January 28, 2015

The Federal Risk and Authorization Management Program publicly released its high-impact baseline for cloud security Wednesday to gather feedback for a final revision in the coming months.

The document is a key part of FedRAMP’s two-year roadmap to refine the way the government procures cloud computing services.

The baseline document, which is posted on fedramp.gov, lays out a litany of controls cloud service providers must check off before storing agencies’ highly sensitive data, like electronic health records or other personally identifiable information.

The document calls for CSPs to outline more than 800 different security controls, including access control, incident response, physical and environmental protection, and risk assessment, among others.

At a cloud computing conference earlier this month, FedRAMP Director Matt Goodrich said the baseline was established with the help of the departments of Defense, Homeland Security, Veterans Affairs, Justice, and Health and Human Services. Information was also pulled from a number of data sets, including PortfolioStat and DHS’ inventory on agencies’ Federal Information Security Management Act, or FISMA, requirements.

The public comment period is open until March 13. The program will then release further draft revisions over the course of the year.

FedRAMP releases high-security baseline for public comment

More Like This

USAID updated policy to allow use of Signal, Telegram in some circumstances

USAID helping Philippine space agency investigate satellite internet

GSA chief advocates for simplified cloud buying, ‘best value’ contracting as Congress considers legislation

Top Stories

The federal government wants to teach workers about AI prompt engineering

Federal data, security leaders release zero-trust guide ahead of White House deadline

Commerce looking to publish AI-ready data guidance in coming months

Federal CIO: The TMF has been vital to government’s improved cybersecurity stature

How federal IT officials are navigating the post-AI executive order ‘hype cycle’

Agencies face ‘inflection point’ ahead of looming zero-trust deadline, CISA official says

More Scoops

FedRAMP’s new director has big plans for the cloud compliance program

FITARA scorecard sees sweeping improvements, as agencies look ahead to FedRAMP, AI hiring

Federal CIO highlights budgetary restrictions, need for trust following FedRAMP memo

GSA taps TMF, USDS alum as new FedRAMP director

GAO wants OMB to prioritize agencies’ FedRAMP use, modernization and more

Microsoft’s Azure OpenAI Service lands FedRAMP High authorization

New guidance aims to make FedRAMP ‘a security-first program,’ OMB official says

Latest Podcasts

How CMS is approaching AI adoption with CDSO Andrea Fletcher

What AI means for public sector training and upskilling

What’s at stake in the AI national security memo; the DOD braces to modernize defenses against quantum hacking

President Biden is set to issue AI national security memo; ARPA-H wants information on autonomous AI systems for health care

Tech

Defense

Cyber

FedScoop TV