Tool provides out-of-the box FedRAMP compliance
- By Rutrell Yasin
- May 16, 2012
Agiliance has unveiled its Federal Risk and Authorization Management Program Content Pack, which includes the baseline security controls required for cloud service providers looking to comply with FedRAMP security requirements.
FedRAMP provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. The program was developed by the National Institute of Standards and Technology, the General Services Administration and the Defense and Homeland Security departments.
The FedRAMP security assessment process is aligned with the security controls and guidance in NIST Special Publication 800-37.
FedRAMP closer to rollout with GSA's release of third-party assessors
Feds put some meat on FedRAMP's bones
FedRAMP is a step closer to rollout in June 2012. GSA May 14 released a list of accredited third-party assessment organizations -- or 3PAOs -- that will do initial assessments and test the controls of cloud service providers per FedRAMP requirements, and provide evidence of compliance. The 3PAOs will also have an ongoing part in ensuring cloud service providers meet requirements.
The Agiliance FedRAMP Content Pack encompasses all the security controls that commercial and government CSPs must implement within a cloud computing environment to satisfy FedRAMP requirements. It includes 168 security controls and will be supplemented with the FedRAMP System Security Plan, Security Assessment Plan and Security Assessment Report, guidance documents that will be released prior to FedRAMP’s initial operating capability in June.
"The U.S. government is moving quickly to adopt cloud computing, both for its own data-center consolidation projects and now for its cloud service providers, in order to improve operational efficiency and real-time security visibility," said Torsten George, vice president of worldwide marketing and products at Agiliance.
The FedRAMP Content Pack will allow government agencies to implement continuous monitoring as prescribed by NIST, the Federal Information Security and Management Act and now FedRAMP, George said.
The Agiliance FedRAMP Content Pack is available immediately at no cost with the Agiliance RiskVision platform. Agiliance RiskVision can be deployed as a cloud service or on premise.
Rutrell Yasin is senior editor for GCN covering cloud computing.