cloud service provider

FedRAMP Announces Update to Plan of Actions and Milestones Template

The Federal Risk and Authorization Management Program has added two new columns to the Plan of Actions and Milestones template to help agency partners track findings related to the Cybersecurity and Infrastructure

More

by Jane Edwards

June 30, 2022

Government Technology/News

FedRAMP Gets 1st System Security Plan in Machine-Readable OSCAL Format

The Federal Risk and Authorization Management Program has received from a cloud service provider the first system security plan in a machine-readable format called Open Security Controls Assessment Language. FedRAMP expects the

More

by Jane Edwards

May 20, 2022

Government Technology/News

FedRAMP Seeks Comments on Threat-Based Scoring Approach to Authorizations

The Federal Risk and Authorization Management Program is soliciting comments on an updated white paper that reflects changes to threat-based scoring methodology and informs stakeholders of its potential applications. FedRAMP said Tuesday

More

by Jane Edwards

February 16, 2022

Government Technology/News

Sharon Woods Highlights System Integrators’ Role in DISA’s Hosting, Cloud Computing Efforts

Sharon Woods, director of the hosting and compute center at the Defense Information Systems Agency, said systems integrators will continue to play a key role in DISA’s hosting and computing journey, particularly

More

by Jane Edwards

January 11, 2022

Government Technology/News

FedRAMP Updates Readiness Assessment Report Guide, Templates for 3PAOs

The Federal Risk and Authorization Management Program (FedRAMP) has announced the release of updated Readiness Assessment Report (RAR) templates and guide for third-party assessment organizations. The updated RAR guide and templates seek

More

by Jane Edwards

January 6, 2022

Cybersecurity/Government Technology/News

FedRAMP Plans to Apply CISA’s .govCAR Method to Other Authorization Aspects; Zach Baldwin Quoted

The Federal Risk and Authorization Management Program (FedRAMP) recently teamed up with the Cybersecurity and Infrastructure Security Agency (CISA) to apply CISA’s .govCAR methodology to score security controls of cloud service providers

More

by Jane Edwards

October 29, 2021

Government Technology/News

GSA Seeks to Automate Validation of FedRAMP Security Authorization Packages

The General Services Administration (GSA) will soon issue XML-automated validations to enable cloud services providers seeking an authority to operate to check whether all the required data is included in their security

More

by Jane Edwards

August 4, 2021

Government Technology/News

FedRAMP Opens Draft Authorization Boundary Guidance for Public Comment

The Federal Risk and Authorization Management Program is seeking public feedback on initial draft guidance meant to help cloud service providers develop the authorization boundary associated with their cloud offerings. The guidance

More

by Jane Edwards

July 15, 2021

Government Technology/News

FedRAMP Issues Guidance on Remote Data Center Testing

The Federal Risk and Authorization Program (FedRAMP) is permitting remote testing of certain data centers run by cloud service providers. “All remote testing must be explicitly detailed in the Security Assessment Plan

More

by Jane Edwards

May 12, 2021

Government Technology/News

FedRAMP Issues Updated Guidance Doc on Reporting Information Security Incidents

The Federal Risk and Authorization Management Program (FedRAMP) has updated a document that details the roles and responsibilities of each stakeholder in the cyber incident communication process. “Additionally, CSPs are responsible for

More

by Jane Edwards

April 19, 2021