Frank Konkel | Nextgov | June 23, 2016

After Testing, 3 Companies Cleared to Store Sensitive Data in the Cloud


Three cloud service providers have achieved the first authority to operate at FedRAMP’s high-impact baseline and are now available to host some of the government’s most sensitive unclassified workloads.

After an 18-month process, Amazon Web Services GovCloud infrastructure-as-a-service, CSRA’s ARP-C IaaS and Microsoft Azure Government’s IaaS and Platform-as-a-Service offering can now be used by agencies for high-impact needs.

Demand for high-impact standards reached an “action point” in January 2015, according to FedRAMP Director Matt Goodrich. Significant potential cloud customers like the departments of Defense, Homeland Security and Veterans Affairs all sought options for hosting law enforcement, critical infrastructure, financial and health data.

The FedRAMP office released two versions of the draft standards for public comment over the past year and a half, and kicked off the pilot with actual vendors in September 2015. On top of the FedRAMP-moderate baseline, the pilots added 96 controls.

“The last few months have been aligning assessments for vendors with the final baseline,” Goodrich said in an interview with Nextgov.

In addition, the FedRAMP team has taken time to ensure “good synergy” between the FedRAMP-high baseline and the Defense Department’s Impact Level 4 standards.

The standards are closely – though not perfectly – aligned, meaning a vendor that achieves the FedRAMP-high baseline has very few hoops to jump through to achieve compliance with DOD’s Impact Level 4 security requirements. That ought to reduce time to market for vendors and cut down on wait times for DOD’s growing customer base.

DOD also makes up the largest percentage of FedRAMP-high data, at 33 percent. VA has 16 percent, DHS has 13 percent and the Justice Department rounds out the top four producers with 10 percent.

While more difficult to achieve from a security perspective, Goodrich said “there should only be a minimal impact to overall timeliness” in terms of getting through the FedRAMP pipeline. That bodes well for FedRAMP’s new emphasis on speed to market, although Goodrich added that vendors will probably need more time to prepare for the FedRAMP-high process itself.

