FedRAMP JAB Grants First Provisional Authorization
by Amy Phelps January 28, 2013
The Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB) has granted its first provisional authorization to Autonomic Resources. The company used Veris Group as their FedRAMP accredited Third Party Assessment Organization (3PAO).
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments. For additional information on the FedRAMP program, visit the FedRAMP website.
NIST supports the FedRAMP program in the development of a voluntary conformity assessment system to provide confidence to government agencies that cloud computing providers meet the relevant security controls. The system is based on international standards for conformity assessment, leverages private sector resources, and seeks to minimize redundancy. In addition, NIST serves as an IT security technical advisor to the FedRAMP program in two key areas:
1) providing recommendations on the application of NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach; and
2) providing recommendations on the application of security controls selected from NIST SP 800-53 Recommended Security Controls for Federal Information Systems and Organizations for low security impact and moderate security impact Cloud Computing information systems.