FedRAMP releases high-security baseline for public comment

The baseline document lays out a litany of controls cloud service providers must check off before agencies can store highly sensitive data on their offerings.

The Federal Risk and Authorization Management Program publicly released its high-impact baseline for cloud security Wednesday to gather feedback for a final revision in the coming months.

The document is a key part of FedRAMP’s two-year roadmap to refine the way the government procures cloud computing services.

The baseline document, which is posted on, lays out a litany of controls cloud service providers must check off before storing agencies’ highly sensitive data, like electronic health records or other personally identifiable information.

The document calls for CSPs to outline more than 800 different security controls, including access control, incident response, physical and environmental protection, and risk assessment, among others.


At a cloud computing conference earlier this month, FedRAMP Director Matt Goodrich said the baseline was established with the help of the departments of Defense, Homeland Security, Veterans Affairs, Justice, and Health and Human Services. Information was also pulled from a number of data sets, including PortfolioStat and DHS’ inventory on agencies’ Federal Information Security Management Act, or FISMA, requirements.

The public comment period is open until March 13. The program will then release further draft revisions over the course of the year.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts