News/Blog

The Federal Risk and Authorization Management Program (FedRAMP) supports the U.S. government’s cloud-smart policy by establishing consistent security standards across agencies and their contractors (such as cloud service providers). Unlike FISMA, which awards an Authorization to Operate (ATO) specific to the agency or project at hand, a FedRAMP certification allows a contractor to work with any government agency. It’s a powerful tool for streamlining the A&A approval path and executing federal contracts.

The National Institute of Standards and Technology (NIST) advises on technology standards and sensitive data protection. NIST helps keep information safe while establishing uniformity in the way cybersecurity is addressed across public and private sectors, protecting networks from malware, ransomware, cyberattacks and internal or external threats. For Federal agencies and their supporting contractors, NIST compliance isn’t just a recommendation – it’s both a roadmap and a mandate to adhere to benchmark security controls for information systems.

The transition to cloud computing continues to be a strategic priority for the U.S. government. Increased collaboration, greater efficiencies, scalable data storage – all are tangible benefits of the shift to the cloud. But not all cloud solutions are created equal. Cloud computing encompasses a range of types and architecture models. Each is tailored for a specific use case, taking into consideration the inherent risk-tolerance for data loss or compromise. What’s the difference between public, private, hybrid, and community clouds? Let’s find out.

Will you be prepared when disaster strikes? In today’s rapidly evolving IT infrastructure and cloud landscape, where massive amounts of data are collected, transmitted, and stored, threats can emerge quickly and leave lasting (and costly) damage to your operations and reputation. Threats can be physical – like a fire or flood – or they can be technological, like a disrupted connection to the server. Threats can be external – like a hacker or malware – or they can be internal, like a disgruntled employee.

New cloud services and solutions are coming to market at a rapid pace – accelerating collaboration and productivity like never before – but that has left some Federal employees wondering: Can you use commercial cloud services with government devices? After all, the end user is typically the most vulnerable factor in securing IT infrastructure. Will commercial cloud access from a smartphone enable a wider data breach or cyberattack?

The Federal Risk and Authorization Management Program, or FedRAMP, defines three distinct categorization levels to help government agencies and their supporting contractors implement the appropriate security controls required to protect U.S. government data. These levels – low, medium, and high – standardize an approach to the security of cloud products and cloud services across the federal sphere.