
Are You Behind the FedRAMP Curve?

Two and a half years ago, the General Services Administration (GSA) released the Federal Risk and Authorization Management Program (FedRAMP), a set of security standards for uniformly assuring the security of cloud services providers (CSPs) that want to contract with government agencies.

Spurred by the federal government’s renewed push toward adopting cloud services, FedRAMP compliance is once again building momentum. Twenty-seven organizations have officially achieved certification standards, and many others are expected to follow suit now that the GSA has unveiled its new FedRAMP roadmap.

The roadmap, which was released in January, outlines the planned evolution for FedRAMP in the next few years. The GSA has also defined a set of deliverables that are scheduled to be released during a 24-month period. These include a set of baseline standards for non-classified technical systems, automation requirements for both CSPs and government agencies, and expanded baseline metrics for compliance.

A draft of the GSA’s expanded requirements is available for public review and comment on the FedRAMP website. Once the review period ends in March, these standards are expected to be finalized within 12 months.

Once the roadmap is confirmed, CSPs, whether currently contracting with a government agency or hoping to do so, will need to understand these standards and what’s involved in implementing them. And, as the FedRAMP initiative continues to evolve, it will be imperative that CSPs keep pace and maintain their status as certified vendors to keep partnerships intact and build new ones.

So, what should CSPs do to prepare? The best course of action is to be proactive and start making a concerted effort to get FedRAMP compliant now. The process is a long and challenging one. However, CSPs don’t have to tackle it alone. A 3PAO-certified organization can help manage the assessment process and report results to the Joint Authorization Board (JAB). A 3PAO can also assist with consultation and training, if needed, and be a guide for the duration of the FedRAMP process.

If you’re a CSP looking for assistance with FedRAMP, click here to learn more about Lunarline’s FedRAMP compliance services. You can also visit Lunarline.com or contact us directly to learn more about our services for CSPs.

About Spence Witten

Spence has somehow survived ten years at start-ups and small businesses without suffering a (major) nervous breakdown. As Lunarline's Director of Federal Sales, Spence actually loves working on proposals. If there were any doubt, this is proof that he is in fact certifiably insane. While his title says "Sales," Lunarline doesn't let him off that easy. We make him do real work, too. Luckily he's a recognized subject matter expert in security policy and loves helping clients navigate their way around tricky security compliance standards. He's also been known to lead a software development initiative or two, though that pretty much always ends poorly for everyone involved. He can be reached at spence.witten@lunarline.com.