TheÂ Federal Risk and Authorization Management Program seeks public feedbackÂ onÂ a draft “tailored”Â baseline meantÂ to accelerate the authorization of low risk cloud services for government use.
FedRAMP said Thursday the Tailored baseline will coverÂ minimum security control requirements for low-impact cloud offerings and that authorizing officials could identify additionalÂ security controls if needed.
The proposed baseline will focus on cloud services such as collaboration tools, project management and open source development.
Cloud offerings could qualify for FedRAMP Tailored if they are fully functional, software-as-a-service platforms that meet theÂ low-security impact definition ofÂ theÂ Federal Information Processing Standard Publication 199.
Cloud services must also hosted in an existing FedRAMP-authorized infrastructure and operateÂ without requiringÂ personally identifiable information toÂ be eligible for Tailored.
FedRAMP collaborated with theÂ Office of Management and Budget, theÂ National Institute of Standards and Technology and the Joint Authorization Board to create the draft tailored approach.
TheÂ General Services Administration-led program will gatherÂ public inputÂ through March 17.