The Federal Risk and Authorization Management Program (FedRAMP) is how the US government determines whether cloud services and products are sufficiently secure for use by federal agencies. FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
• Rapidly adopt secure cloud services through reuse of assessments and authorizations
• Assure confidence in the security of cloud solutions
• Maintain consistent security certification standards for cloud products and services
• Preserve transparency between the federal government and cloud service providers
Demonstrating FedRAMP Compliance
FedRAMP uses the NIST Special Publication 800 series, such as NIST 800-53 as a library of system controls and NIST 800-37 for risk management. It requires cloud service providers to receive an independent security assessment conducted by an external assessor to ensure that authorizations are compliant with the Federal Information Security Management Act (FISMA).
The FedRAMP Program Management Office (PMO) has outlined the following requirements for FedRAMP compliance:
• The cloud service provider (CSP) has been granted an Agency Authority to Operate (ATO) by a US federal agency, or a Provisional Authority to Operate (P-ATO) by the Joint Authorization Board (JAB).
• The CSP meets the FedRAMP security control requirements as described in the NIST 800-53, Rev. 4 security control baseline for moderate or high impact levels.
• All system security packages must use the required FedRAMP templates.
• The CSP must be assessed by a third-party assessment organization (3PAO).
• The completed security assessment package must be posted in the FedRAMP secure repository.
Accurately assess FedRAMP Compliance with Nipper
Audits: Firewalls | Switches | Routers
Saving you significant time and resources, Nipper is easy to configure for FedRAMP assessments and integrates with SIEM and SOAR systems for a network-wide view of compliance.