FedRAMP Rev 5 Baselines have been approved and released!

The FedRAMP Joint Authorization Board has approved the FedRAMP Rev. 5 baselines. The FedRAMP baselines were updated to correspond with the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-53 Rev. 5 Catalog of Security and Privacy Controls for Information Systems and Organizations and SP 800-53B Control Baselines for Information Systems and Organizations.

Outlined below are the released documents with a supporting high level summary:
  • Cloud Service Provider (CSP) Transition Plan 
  • Provides guidance to assist Cloud Service Providers (CSP), Third Party Assessment Organizations (3PAOs), Federal Agencies in transitioning to NIST SP 800-53 Rev. 5, and to the new FedRAMP requirements
  • Categorizes CSPs based on their stage in the FedRAMP authorization process and defines date-based transition periods for each category
  • Assists CSPs with identifying the scope of Rev. 5 Baselines 
  • Aligns security controls more closely with NIST
  • Adds significant guidance for many controls
  • Privacy controls, and any other control outside of the FedRAMP baselines, remain at the agency’s discretion
  • Program Management (PM) controls remain an agency responsibility and are therefore not included in the baselines
For more details, please visit the blog!!

FedRAMP Announces the Passing of the FedRAMP Authorization Act!

The Federal Risk and Authorization Management Program (FedRAMP) has great news to share: The President signed the FedRAMP Authorization Act as part of the FY23 National Defense Authorization Act (NDAA) (See Sec. 5921, page 1055). The Act codifies the FedRAMP program as the authoritative, standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information.This recognizes the work FedRAMP and its stakeholders have achieved over the last decade. Check out the blog to learn more! 

FedRAMP Update

What is next?The final version of FedRAMP’s updated Rev. 5 baselines (including OSCAL versions), associated documentation and templates, an implementation guide, and compliance timeline will be published once all steps have been completed. FedRAMP will also provide training and educational forums specific to the Rev. 5 updates and transition process.More…

Personal data is collected by SYNOTEK, LLC and processed regarding prospective and current clients and employees/agents of those clients for the purpose of rendering professional services to SYNOTEK, LLC’s clients. Personal data may be processed in limited circumstances pertaining to the general public in order to respond to requests for information submitted via SYNOTEK, LLC’s website. Should such a request be received from the general public, SYNOTEK, LLC will use the personal data voluntarily provided via the website to reply providing the requested information or communication to the individual making the request.

SynoTek, LLC Privacy and Cookie Policy per FTC Privacy Shield

Policy and Cookie Policy - FTC Privacy Shield