FedRAMP OKs remote data center testing
The Federal Risk and Authorization Program is allowing cloud service providers to have their data centers tested remotely.
Because of health precautions prompted by the COVID-19 pandemic, third-party assessment organizations (3PAOs) may now conduct initial and annual security assessment testing for certain data centers remotely.
According to a May 11 FedRAMP blog, 3PAOs should refer to state and local health departments for the latest information on travel, testing requirements, stay-at-home orders, and quarantine requirements. If remote testing is indicated, 3PAOs must ask the authorizing official for permission and outline their request.
“All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing,” FedRAMP officials wrote.
Earlier this month, the program posted an update on its progress toward meeting the updates in the National Institute of Standards and Technology’s SP 800-53 Rev5.
FedRAMP officials said they have reviewed the Rev5 baseline controls, have drafted initial recommendations for parameters and additional controls and are internally reviewing controls by applying a threat-based methodology. When a draft of the new baselines is available, it will be open for comments for at least 90 days.
Connect with the GCN staff on Twitter @GCNtech.