Thursday, December 8, 2011

FedRAMP is Official.

Just a quick note to let people know if they hadn't already heard about it. The SP 800-53 rebranding that produced Government Cloud 1.0 (my words), or FedRAMP, is now official.

There are some key takeaways from this that perhaps we'll go into more detail later. First, you can find out all about FedRAMP here:, and you can find the NIST Cloud landing page at Note the requirement for a third party audit from an authorized organization prior to authorized operations. See more of that here: 3PAO Information.
"Please attend the Industry Day on December 16, 2011 for additional information on the Program and the 3PAO application process. Please register for the event by COB Wednesday December 14, 2011 via the following URL:"
The main takeaway is that notice the security concepts didn't change. You still have access controls. You still have perimeter defenses. The same control standards (SP800-53) applied to today's systems were applied to this new fearsome beast called the cloud. Do the solutions and implementations change? Certainly! And the fundamentals still remain the same. Now onto the next post:).