AT&T storage services joins FedRAMP ranks
- By Rutrell Yasin
- Jul 23, 2013
AT&T Storage-as-a-Service has been granted provisional approval to offer cloud services under the federal government’s FedRAMP cloud security program, achieving the highest level of security under the program.
FedRAMP, the Federal Risk Authorization Management Program, provides a standard approach for security assessment, authorization and continuous monitoring of cloud products and services. FedRAMP uses a “do once, use many times” framework that is expected to reduce the cost, time and staff required to conduct redundant agency security assessments of cloud solutions.
AT&T StaaS provides storage capacity on demand, allowing government workers to securely access their stored data from anywhere and at any time. The storage platform received the FedRAMP Joint Authorization Board’s provisional authorization — the most rigorous approval — which involves a thorough review by chief information officers of the General Services Administration and Homeland Security and Defense departments.
To receive this provisional authorization, AT&T StaaS documented and fully implemented the FedRAMP security controls on its cloud service offerings. In addition, The Veris Group, an independent FedRAMP-accredited Third-Party Assessment Organization (3PAO), assessed and verified the company’s security implementations. Third-party assessors play a key role in the FedRAMP process as cloud service providers must use an accredited 3PAO to independently validate and verify that they meet the FedRAMP requirements. FedRAMP has accredited 22 third-party assessors, with half of those being small businesses.
In related news, GSA moved forward with plans to privatize the 3PAO review process. GSA has selected the American Association for Laboratory Accreditation as the FedRAMP Third-Party Assessment Organization Accreditation Body. The move will allow for more in-depth analysis of an applicant’s conformance to inspection and information security standards, making the process more rigorous, according to David McClure, Associate Administrator of GSA’s Office of Citizen Services and Innovative Technologies.
With AT&T's StaaS joining the FedRAMP ranks, eight cloud services providers are now compliant with FedRAMP requirements, according to the GSA. Five cloud providers have been granted provisional authority, the highest security level under the program, including AT&T, Autonomic Resources, CGI Federal, Hewlett-Packard and Lockheed Martin. Three other cloud providers have been granted agency Authority to Operate, including Amazon Web Services’ GovCloud and US East/West offerings, each receiving authorization by the Health and Human Services Department. The Agriculture Department’s National Information Technology Center has been granted an authority to operate by the USDA Office of the CIO.
Rutrell Yasin is senior editor for GCN covering cloud computing.