FedRAMP basics: Taking the mystery out of cloud security assessment

Date: Jun 28, 2013

The Federal Risk Management and Accreditation Program, otherwise known as FedRAMP, is an independent accreditation process that allows cloud providers to align their security postures with standards deemed acceptable by the U.S. government. FedRAMP is still quite new, but is already having an important effect on organizations' cloud security assessment processes.

"[FedRAMP] takes away a lot of the pressure or mystery on what to evaluate," said Tony UcedaVelez, founder and managing partner with application security consultancy VerSprite. "It does facilitate the notion that security has been taken care of. That in and of itself is also a weakness."

In this video, UcedaVelez discusses the pros and cons of FedRAMP and how to keep it from becoming an excuse for not examining the security capabilities of cloud service providers. He also discusses why FedRAMP may suffer from some of the same drawbacks as the Payment Card Industry Data Security Standard, and how to ensure due diligence when evaluating cloud provider security. Finally, he touches on how non-government organizations seeking secure cloud services can benefit from FedRAMP.
