FedRAMP said Thursday the Tailored baseline will cover minimum security control requirements for low-impact cloud offerings and that authorizing officials could identify additional security controls if needed.
The proposed baseline will focus on cloud services such as collaboration tools, project management and open source development.
Cloud offerings could qualify for FedRAMP Tailored if they are fully functional, software-as-a-service platforms that meet the low-security impact definition of the Federal Information Processing Standard Publication 199.
Cloud services must also hosted in an existing FedRAMP-authorized infrastructure and operate without requiring personally identifiable information to be eligible for Tailored.
FedRAMP collaborated with the Office of Management and Budget, the National Institute of Standards and Technology and the Joint Authorization Board to create the draft tailored approach.
The General Services Administration-led program will gather public input through March 17.