With compliance deadlines looming for Cloud Service Providers (CSPs), FedRAMP is ramping up its requirements for the monitoring of cloud systems. […]
Reports like December’s White House IT Modernization Report sometimes seem like they impose requirements on agencies from above. Speaking at the ServiceNow Federal Forum in February, Danielle Metz, a policy advisor at DoD Office of Science and Tech Policy and contributor to the Modernization Report, gave us a look inside the kitchen to see how these reports come together.[…]
TalaTek, a risk management company, announced on Feb. 26 that it received a FedRAMP ATO from the Pension Benefit Guaranty Corporation (PBGC) for its Enterprise Compliance Management Solution (ECMS). This cloud-based SaaS allows PBGC to centralize security statistics in real time and see whether it complies with a variety of security frameworks, including NIST security frameworks.
Agencies undergoing digital transformation are combining on-premise, hybrid, and multiple cloud solutions into their environments. To that end, agencies need to weave cloud security and protection of on-premise systems into their broader security strategy for a true, defense-in-depth approach.[…]
Last July, the Federal Risk and Authorization Management Program (FedRAMP) revamped the provisional authorization process to make life easier for cloud service providers (CSPs). The change let CSPs use a simple web form to delineate their business cases to FedRAMP’s Joint Authorization Board (JAB).[…]
SAP’s National Security Services (NS2), a U.S. subsidiary of the international software company, has secured a FedRAMP JAB authorization for its cloud-based human capital management (HCM) suite. SAP NS2’s SuccessFactors HCM suite offers a variety of products, including talent acquisition and management tools, analytics tools, and core human resource tools, all running on the Amazon Web Services’ (AWS) GovCloud platform.[…]
The GSA is concerned that current cloud procurement methods are leading to confusion and a lack compliance with FedRAMP requirements. To curb the contract discrepancies, the GSA released a new RFI seeking industry input to “identify examples of preferred contract language agencies should incorporate to convey FedRAMP requirements in their solicitations,” according to a FedRAMP blog.[…]