FedRAMP

Today, only a small number of Cloud Service Providers (CSPs) have access to the Federal marketplace. Those are the ones that are FedRAMP compliant. All others are in jeopardy of losing the opportunity to sell their services in the Federal marketplace.

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal entities. The Federal Cloud Computing Strategy includes an Office of Management and Budget (OMB) mandate stating that agencies must “use FedRAMP when conducting risk assessments, security authorizations, and granting ATOs for all Executive department or agency use of cloud services.”

The Federal Cloud Computing Strategy is at: https://cio.gov/wp-content/uploads/downloads/2012/09/Federal-Cloud-Computing-Strategy.pdf

The OMB FedRAMP Mandate Memo is at: https://cio.gov/wp-content/uploads/2012/09/fedrampmemo.pdf

As part of the FedRAMP authorization, the security controls implemented by the CSP must be evaluated for operational effectiveness by a FedRAMP-accredited independent assessor called a Third Party Assessment Organization (3PAO).

Logyx, a FedRAMP leader since the program’s inception, has been accredited as a 3PAO by the American Association for Laboratory Accreditation, an internationally recognized accreditation body that is tasked by the FedRAMP Project Management Office (PMO) to verify an assessment organization’s capabilities and process maturity per ISO/IEC 17020.

How Can Logyx Assist You to Become a FedRAMP Authorized CSP?

Meeting the FedRAMP compliance requirements can be a time-consuming and daunting task, requiring detailed knowledge of security requirements in the Federal government. Experience with the body of documentation from the National Institute of Standards and Technology (NIST) is essential.

Logyx understands that you are in the business of selling cloud services, not security. That’s why we are here to provide three essential services:

1. FedRAMP Readiness –

  • Pre-Assessment Services – for organizations that are considering FedRAMP and would like to discover their readiness level, and any gaps to remediate, in order to go through the FedRAMP process efficiently.
  • Consulting – an independent arm of Logyx can perform duties related to documentation, planning and development of the system to prepare for a FedRAMP Assessment. This work is done independently of our FedRAMP assessment team so as not to present a conflict of interest.

2. FedRAMP Assessment Services –

  • Perform as the independent assessor for CSP organizations ready to undergo the FedRAMP assessment process of documenting security controls, security testing and delivering a finalized security package in pursuit of either a Joint Authorization Board (JAB) Provisional Approval to Operate (P-ATO) or a federal agency sponsored Approval to Operate (ATO).

3. FedRAMP Continuous Monitoring –

  • Services required to maintain the FedRAMP JAB P-ATO or Agency ATO, which must be conducted by a 3PAO at regular intervals.