FedRAMP Compliance

The Federal Government constantly evaluates ways to ensure efficiency, security, and innovation of IT systems. While the cloud does offer “faster processing and more elasticity”, adoption of cloud solutions can be inefficient, expensive, time-consuming, etc.

To bridge the gap and remedy some of these problems, the U.S. Government developed FedRAMP, or the Federal Risk and Authorization Management Program, a compliance standard to execute any government agency cloud hosting contracts.

fedramp-logo (1)

FAQs About FedRAMP

By definition:

“The Federal Risk Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”

  • Certifies that a cloud service provider meets governmental IT security standards.
  • Uses a standardized framework for vetting the security of cloud services.
  • Also adopted by other government agencies, and useful in other areas of the public sector.
  • Standards controlled by the National Institute of Standards and Technology (NIST).
  • Saves government agencies an estimated 30-40% of government costs, including time and staff.

For full details about FedRAMP, visit the official website.

For vendors unused to working in government IT, the cost of entry is stiff, costing a commercial cloud service provider an estimated $25 - $35 million in engineering and staffing costs to meet the government’s rigorous IT security standards.

The complex set of requirements is why the FedRAMP was established. FedRAMP has established a “standardized approach to security, assessment, authorization, and continuous monitoring for cloud products and services.”

To ensure the highest level of compliance and security, government agencies must “use FedRAMP when conducting risk assessments, security authorizations, and granting ATOs for all Executive department or agency use of cloud services” (Office of Management and Budgets Policy Memo on FedRAMP). It’s been the established compliance standard for government cloud contracts moving forward.

There are a variety of benefits to FedRAMP, including:

  • Accelerated adoption of cloud solutions through the reuse of security assessments and authorizations across agencies.
  • Enhanced transparency between government and Cloud Service Providers (CSPs) with recognized federal security authorization processes.
  • Uniform approach to risk-based management clarifies expectations and saves significant time and resources for all parties involved.
  • Automated, continuous monitoring with real-time data and enhanced security visibility.
  • Creates trust between federal agencies and CSPs.

The biggest benefit to using FedRAMP-compliant CSPs, is rigorous security and uptime engineered into the data center and cloud system, which remains audited against strict standards in near real-time.

Cloud Service Providers (CSPs) that offer cloud services to federal agencies must meet the following requirements, as exactly defined by FedRAMP.gov:

  • Directly apply or work with a sponsoring agency to submit an offering for FedRAMP authorization
  • Implement the FedRAMP baseline security controls
  • Hire an Independent Assessor to perform an independent system assessment
  • Create and submit an authorization package
  • Provide continuous monitoring reports and updates

To get a better idea of what is required, CSPs should review the following:

Visit FedRAMP’s official website for full documentation on the requirements.

The State of FedRAMP Compliance

FedRAMP is steadily seeing an increase in adoption, and FedRAMP shared some of its progress in the micrographic to the right. (Click to zoom).

Some of the highlights from the end of last year include:

  • 53% increase in agency authorizations
  • 25% increase in JAB authorizations
  • 340% increase in training enrollees
  • 50% increase in FedRAMP compliant cloud services

We plan to be a contributor to these numbers this year, and we believe these numbers indicate how important FedRAMP really is.

For a full rundown of the report, visit the official FedRAMP website.

FedRAMP Forward Infographic

It's all in the numbers:

  • $70 mil. annual savings for federal agencies using cloud services.
  • 30 - 40% savings FedRAMP standards deliver to federal agencies.
  • Over 1,400 FedRAMP-compliant systems across the government.
  • 80 = the number of cloud services used by the federal government.
  • 82% of all federal cloud instances are FedRAMP-compliant.
  • 53% increase in agency authorizations from June - December 2015.

FedRAMP-Authorized Cloud Computing is the way of the future for government agencies.

FedRAMP's benefits are well-documented, and government and military agencies have to be protected. Lifeline is currently undergoing the process of becoming FedRAMP-authorized. As always, we are dedicated to excellence in the data center space and are compliance leaders in our field.

For more information, request a tour of our data center today.