FedRAMP Tailored issues another baseline for public comment
The Federal Risk and Authorization Management Program released a new baseline for its anticipated Tailored service for public comment on Thursday, following an evaluation period of previous comments in March.
The proposed software-as-a-service cloud solution would provide agencies with lower-risk options that can be applied on the new baseline, generating a faster approval process.
FedRAMP, the governmentwide program for authorizing and assessing cloud services, debuted the initial Tailored baseline in February and received 330 public comments, which were later reviewed by its Program Management Office and Joint Authorization Board.
The new baseline includes refined standards for Personally Identifiable Information logins and authentications. Providers are now encouraged to apply “pre-existing government directory services or an external authentication directory.”
Officials said the updated baseline also includes a more detailed policy statement on Continuous Monitoring requirements and more clarity on the attestation process companies use to report that they’re meeting standards. FedRAMP officials said they hope to launch a finalized baseline by the end of summer, after reviewing this round of comments.
FedRAMP has been actively developing options to speed up the authorization process for cloud service providers looking to sell to federal agencies, including releasing a request for information this week on how to automate a portion of its authority to operate, or ATO, process.
FedRAMP Tailored is intended to provide agencies with low-impact SaaS cloud solutions with minimum security control requirements that can clear the ATO process faster.
“We hope FedRAMP Tailored will provide a way in which FedRAMP can support the need government authorizing officials have for a standardized approach to determining the risks associated with authorizing specific low-impact cloud applications — for example, small scale cloud applications that assist the government in doing business, but that do not directly impact the government’s mission needs,” officials said in a Feb. 17 post announcing the service.
The next comment period for the FedRAMP Tailored baseline is open until July 28, with public comment available on the office’s GitHub page.