Tool provides out-of-the box FedRAMP compliance

Agiliance has unveiled its Federal Risk and Authorization Management Program Content Pack, which includes the baseline security controls required for cloud service providers looking to comply with FedRAMP security requirements.

FedRAMP provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. The program was developed by the National Institute of Standards and Technology, the General Services Administration and the Defense and Homeland Security departments.

The FedRAMP security assessment process is aligned with the security controls and guidance in NIST Special Publication 800-37.

Related coverage:

FedRAMP closer to rollout with GSA's release of third-party assessors

Feds put some meat on FedRAMP's bones

FedRAMP is a step closer to rollout in June 2012. GSA May 14 released a list of accredited third-party assessment organizations -- or 3PAOs -- that will do initial assessments and test the controls of cloud service providers per FedRAMP requirements, and provide evidence of compliance. The 3PAOs will also have an ongoing part in ensuring cloud service providers meet requirements.

The Agiliance FedRAMP Content Pack encompasses all the security controls that commercial and government CSPs must implement within a cloud computing environment to satisfy FedRAMP requirements. It includes 168 security controls and will be supplemented with the FedRAMP System Security Plan, Security Assessment Plan and Security Assessment Report, guidance documents that will be released prior to FedRAMP’s initial operating capability in June.

"The U.S. government is moving quickly to adopt cloud computing, both for its own data-center consolidation projects and now for its cloud service providers, in order to improve operational efficiency and real-time security visibility," said Torsten George, vice president of worldwide marketing and products at Agiliance.

The FedRAMP Content Pack will allow government agencies to implement continuous monitoring as prescribed by NIST, the Federal Information Security and Management Act and now FedRAMP, George said.

The Agiliance FedRAMP Content Pack is available immediately at no cost with the Agiliance RiskVision platform. Agiliance RiskVision can be deployed as a cloud service or on premise.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected