Cloud quick start with FedRAMP Tailored
Getting approval from the Federal Risk and Authorization Management Program for federal cloud-based services can be a long haul for agencies and vendors alike. But the FedRAMP Tailored program – designed for low-impact public information in software-as-a-service applications -- can drastically reduce the time to authorization, according to Ashley Mahan, acting director of the Federal Risk and Authorization Management Program.
FedRAMP Tailored offers a simpler, transparent approach to condensing the authorization process, she told the audience at the Feb. 21 Security Innovation in the Cloud workshop.
Rather than having to meet 126 technical security controls for the low baseline, for example, FedRAMP Tailored applications only have to comply with about 35 controls. Documentation for applications has been cut to one page, and assessments can be conducted by agency staff.
The use cases that are a good fit for FedRAMP Tailored, Mahan said, include collaboration, task management, communication, learning and facility scheduling.
The program has gotten plenty of use. Mahan's office has met with more than 20 agencies and over 40 cloud service providers. In 2018, 25% of in-process SaaS services were authorized using the FedRAMP Tailored model, and 11 services have been approved at 10 agencies using the Tailored baseline.
For more on the program, watch the video above or visit FedRAMP Tailored.
Connect with the GCN staff on Twitter @GCNtech.