The GSA recently released revised security standards for cloud service providers. Meeting these cloud security standards will be a requirement to do business with federal government clients, according to Federal Times.
These revised standards will eventually affect all current and future cloud service providers as they undergo FedRAMP review and certification. (These new standards are distinct from an existing June 5 deadline for agencies to have their existing cloud solutions assesses against FedRAMP standards.)
The FedRAMP process does affect the deadlines for individual cloud providers, depending on where the company is in their FedRAMP process as of June 1. Reviews in progress by that date will use the current security standards. Then the companies will have one year to implement the new baseline.
The FedRAMP program management office is working with the CIO Council to provide further updates by the June 1 date on the new security standards. The standards are based on the fourth revision of the National Institute of Standards and Technology’s (NIST) Special Publication 800-53, known as Rev. 4.
According to the transition document released by the FedRAMP PMO, the new FedRAMP security baseline will be a substantial upgrade from its prior implementation. The new baseline is meant to provide a more robust and transparent approach to the government’s cloud security and risk posture.
The FedRAMP Program Management Office anticipates that the level of effort will require testing between 140 to 150 controls,” the document states. “There are approximately 72 new Rev. 4 controls and 70 core controls for annual testing. The FedRAMP PMO will prioritize and adjust the number of controls required for testing based on the CSPs risk posture.”
Our clients are looking for the right partners with proven experience to help them meet these stringent new cloud security requirements. This can be done with a private cloud solution that leverage existing infrastructure and gives the federal IT pro more control, more capacity and more efficiency.
See below for a short video from Affigent partner EMC on how this is done: