FedRAMP Working On New Draft Baselines For Cloud Security Requirements

The Federal Risk and Authorization Management Program (FedRAMP) is using the National Institute of Standards and Technology’s (NIST) guidelines and procedures to provide standardized security requirements for cloud services.

Specifically, FedRAMP leverages NIST’s Special Publication [SP] 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations series, including the baselines and test cases.

NIST recently released SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, Revision 5 (Rev5) catalog of security and privacy controls and SP 800-53B, Control Baselines for Information Systems and Organizations.

FedRAMP said it is in the process of revising all applicable FedRAMP materials to align with NIST’s updates.

Additionally, when NIST releases the final version of SP 800-53A – Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, FedRAMP will update the FedRAMP test cases as well.

FedRAMP will publish the final version of FedRAMP’s updated baselines (including OSCAL versions), associated documentation and templates, an implementation guide, and compliance timeline.

Further, FedRAMP will provide training and educational forums on the updates and transition process, and will be available to answer questions.

You may also like

Kong Konnect Dedicated Cloud Gateways now available on AWS

Generative AI software revenue in Asia & Oceania projected to exceed $18B by 2028: Report

New Authservice project helps simplify cloud-native authentication

Acorn Labs’ GPTScript aims to redefine coding for AI applications

Clazar raises $10M Series A to empower SaaS companies to leverage cloud marketplaces

SIOS Technology’s Sandi Hamilton wins Bronze Stevie Award