FedRAMP Rev 5 Baselines have been approved and released!
Outlined below are the released documents with a supporting high-level summary:
- Cloud Service Provider (CSP) Transition Plan
- Provides guidance to assist Cloud Service Providers (CSPs), Third Party Assessment Organizations (3PAOs), and Federal Agencies in transitioning to NIST SP 800-53 Rev. 5 and to the new FedRAMP requirements
- Categorizes CSPs based on their stage in the FedRAMP authorization process and defines date-based transition periods for each category
- Assists CSPs with identifying the scope of Rev. 5 Baselines
- Aligns security controls more closely with NIST
- Adds significant guidance for many controls
- Privacy controls, and any other control outside of the FedRAMP baselines, remain at the agency’s discretion
- Program Management (PM) controls remain an agency responsibility and are therefore not included in the baselines
FedRAMP Announces the Passing of the FedRAMP Authorization Act!
The Federal Risk and Authorization Management Program (FedRAMP) has great news to share: The President signed the FedRAMP Authorization Act as part of the FY23 National Defense Authorization Act (NDAA) (See Sec. 5921, page 1055). The Act codifies the FedRAMP program as the authoritative, standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information. This recognizes the work FedRAMP and its stakeholders have achieved over the last decade. Check out the blog to learn more!
What is next?
The final version of FedRAMP’s updated Rev. 5 baselines (including OSCAL versions), associated documentation and templates, an implementation guide, and compliance timeline will be published once all steps have been completed. FedRAMP will also provide training and educational forums specific to the Rev. 5 updates and transition process.