Federal Risk and Authorization Management Program (FedRAMP) has rolled out the final version of the high impact baseline – a framework which authorizes third party vendors to host some of the government’s most sensitive data in the cloud.
Agencies are now able to certify cloud service providers (CSPs) to handle the kind of data that could affect “life and limb or lead to financial ruin,” said FedRAMP Director, Matt Goodrich.
The AWS GovCloud (US) Region received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the Federal Risk and Authorization Management Program (FedRAMP) High baseline, a standardized set of security requirements for cloud services.
AWS’s FedRAMP High authorization, which includes over 400 security controls, gives U.S. government agencies the ability to leverage the AWS Cloud for highly sensitive workloads, including Personal Identifiable Information (PII), sensitive patient records, financial data, law enforcement data, and other Controlled Unclassified Information (CUI).
“Over 2,300 government customers across the world are using the AWS Cloud to innovate in amazing ways – from analyzing data on social media to collect information on adverse drug effects, to making genomic data publicly accessible, to collecting images from Mars,” said Teresa Carlson, Vice President Worldwide Public Sector, AWS.
“By demonstrating the security of the AWS Cloud with the FedRAMP High baseline, agencies can confidently use our services for an even broader set of critical mission applications and innovations,” she added.
FedRAMP also confirmed that Azure Government was one of the cloud service providers selected to participate in the FedRAMP High Pilot to build the High Impact Baseline. They also received a High Impact Provisional Authority to Operate (P-ATO) signature for their Azure Government environment.
Up until this point, federal agencies could only migrate low and moderate impact workloads. Now, Azure Government has controls in place to securely process high-impact level data—that is, data that, if leaked or improperly protected, could have a severe adverse effect on organizational operations, assets, or individuals.
“Microsoft remains committed to delivering the most complete, trusted cloud platform to customers. This accreditation helps demonstrate our differentiated ability to support the unique needs of government agencies as they transition to the cloud,” said Sussie Adams, CTO at Microsoft.
CSRA Inc., a provider of next-generation IT solutions and professional services to government organizations, was also selected. CSRA participated in a pilot program for the new high baseline accreditation, which was initiated and managed by a joint working group including the General Services Administration, the Department of Homeland Security and the Department of Defense.
“We are the only pure-play next-generation IT services provider to achieve the FedRAMP FISMA High Baseline accreditation, a result of the brilliant teamwork and collaboration that permeate CSRA,” said Larry Prior, CSRA’s president and CEO.
“Our ARC-P Infrastructure-as-a-Service (IaaS) cloud offering is one of the most security compliant clouds available for our federal civilian and defense customers. This major accomplishment in security enhancement reassures our customers that CSRA is vigilant in providing highly secure government cloud services,” he added.
“Humans can mess things up. So if there is any place where a vendor can automate something, it likely has to be automated for the high baseline,” Goodrich said. “We want to take out all the aspects of human error because you’re looking at things that are life, limb or financial ruin.”