Frank Konkel | Nextgov | March 13, 2017 | 0 Comments

Comment Period Extended for FedRAMP's New Baseline

3dreams/Shutterstock.com

The public and industry have another month to voice comment and feedback regarding the Federal Risk and Authorization Management Program's prospective new “Tailored” baseline following an extension announced Monday.

“After requests from industry and agencies, we have decided to extend our public comment period for FedRAMP Tailored to April 24th,” the FedRAMP office said in a statement. “By providing your thoughts and input on our new baseline, you are helping to ensure that FedRAMP Tailored meets the needs of both agencies and industry. Additionally, we hope this time will spark a deeper dialogue among comments on FedRAMP Tailored.”

The FedRAMP office, which spent much of 2016 making large-scale improvements to how it standardizes cloud computing security requirements for federal agencies, announced its Tailored baseline in February as a possible means to usher in speedier assessments for certain kinds of solutions.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The initial tailored approach was a collaborative effort among the General Services Administration, the Office of Management Budget, the National Institute of Standards and Technology, and the Joint Authorization Board, which includes representatives from the Homeland Security and Defense departments.

The goal is essentially to tailor “the security method to be commensurate with the risk of breach or hack,” according to GSA’s notice, which suggests low-impact cloud applications (those that help the government do business but do not directly impact mission needs) would be prime targets for FedRAMP Tailored.

The FedRAMP Tailored announcement posits specific criteria cloud providers and agency authorizing officials could agree upon before cloud solution offerings attempt to meet FedRAMP standards. If the criteria are met and all parties agree, the aforementioned cloud solution offering could instead meet the FedRAMP Tailored baseline that “provides a minimum set of security control requirements,” speeding up the process.

However, public comment could prove significant, either by altering the premise of the FedRAMP Tailored approach or changing the initial criteria cloud service offerings would have to meet prior to qualifying for the tailored baseline.

Comments
JOIN THE DISCUSSION

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.