The Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, released FedRAMP Tailored on September 28, 2017. This new Baseline was designed and developed for Cloud Service Providers (CPS) with Low-Impact Software-as-a-Service (LI-SaaS) Systems, supporting emerging technology as low cost and low-risk industry solutions.
What is the Purpose of FedRAMP Tailored?
After collaboration with government digital service teams, the Office of Management and Budget (OMB), National Institute of Standards and Technology (NIST), the Joint Authorization Board (JAB) and third-party vendors, FedRAMP recognized the need to increase the existing program’s flexibility for quicker authorization and implementation of low-risk solutions.
FedRAMP Tailored is a policy and set of requirements to create a more efficient process for LI-SaaS providers to achieve a FedRAMP Agency Authorization to Operate (ATO), by achieving these three objectives:
- Streamline the authorization process for low-risk solutions including collaboration tools, project management applications, and open-source coding tools
- Standardize officials’ approach for measuring risks affiliated with authorizing LI-SaaS cloud applications
- Leverage cloud solutions for government use while ensuring security and privacy
Original Article: https://a-lign.com/fedramp-tailored-new-program/