Federal agencies can now use cloud computing systems to store their most sensitive, unclassified data, through the recent release of the Federal Risk and Authorization Management Program (FedRAMP) High Baseline.
“This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin,” said the FedRAMP announcement, dated June 17.
According to the announcement, moderate- and low-impact data account for only about 50 percent of the Federal IT spend, despite consisting of about 80 percent of total Federal data. The FedRAMP office expects that this new high-impact baseline will open up the remaining 50 percent of IT funds to cloud-computing options.
MeriTalk reported in March that Microsoft Azure, CSRA, and Amazon Web Services had been selected for the pilot program of the high-impact baseline, and they have now received a Provisional Authority to Operate (P-ATO) under the new requirements for high-impact data.
“Microsoft has been working with the FedRAMP PMO [Program Management Office] on the certification process and approach, from the time the program was established all the way through to our receipt of FedRAMP High for Azure Government,” said Susie Adams, CTO of Microsoft Federal. “The positive changes announced by the FedRAMP team are a direct result of its collaboration with the Federal cloud service provider community, and will streamline and speed this process, helping providers like Microsoft add more services more quickly so that agencies can take full advantage of the cloud and meet Cloud First policy objectives.”
FedRAMP will also be holding webinars on June 29 to help cloud service providers, third-party assessment organizations, and Federal agencies understand the new baseline requirements and how to take advantage of the program.