FedRAMP cloud security requirements under revision

FedScoop: Security requirements for cloud services are getting an update from the Federal Risk and Authorization Management Program to align with recent guidance from the National Institute of Standards and Technology.

The FedRAMP program management office (PMO) is currently drafting new baselines for the low-, moderate- and high-impact security levels based on NIST‘s fifth revision (Rev5) to Special Publication 800-53, which catalogs security and privacy controls. Those levels determine security based on whether the data being secured is publicly available, contains personally identifiable information, or would be detrimental to agencies and operation should it be exposed.

Read article