GSA Announces New FedRAMP Provisional Cloud Security Authorizations
June 6, 2013
FedRAMP Joint Authorization Board authorizations and two agency authorizations increases the options for standardized, secure cloud services
WASHINGTON, DC -- Today, the U.S. General Services Administration (GSA) announced that the Federal Risk and Authorization Management Program (FedRAMP) has issued two new Joint Authorization Board (JAB) provisional cloud security authorizations to HP and Lockheed Martin. The FedRAMP Joint Authorization Board is comprised of the Chief Information Officers from GSA and the Departments of Defense and Homeland Security.
FedRAMP is a standardized approach to cloud security assessments, authorization, and monitoring that will save the government money, time, and staff by eliminating redundant agency security assessments. Through FedRAMP’s leveraged security authorizations, federal agencies can also significantly reduce the time it takes to adopt new cloud IT capabilities.
“These two new Joint Authorization Board provisional authorizations continue to demonstrate the viability of the FedRAMP program,” said Dave McClure, Associate Administrator of GSA’s Office of Citizen Services and Innovative Technologies. “With four JAB authorizations and two agency authorizations, we’ve got some good early examples of the different ways to utilize FedRAMP for an agency’s specific security needs.”
These Infrastructure as a Service offerings by HP Enterprise Cloud Services – Virtual Private Cloud (ECS-VPC) and Lockheed Martin’s SolaS Cloud Solution join the cloud offerings by Autonomic Resources and CGI Federal under JAB provisional authorities to operate (ATO).
In order to receive this provisional authorization, HP and Lockheed Martin documented and fully implemented the FedRAMP security controls on their cloud services offerings. In addition, both companies used one of 20 independent FedRAMP accredited Third Party Assessment Organizations (3PAO) to assess and verify their security implementations.
The list of FedRAMP accredited 3PAOs has also grown with a trio of new additions in the last month. KPMG LLP was added as well as small businesses Burke Consortium, Inc. and Dakota Consulting, Inc. which grew the total number of small business 3PAOs to 11 out of 20.
In May, the Department of Health and Human Services (HHS) granted Amazon Web Services’ GovCloud and US East / West offerings each an agency ATO using FedRAMP requirements. Amazon’s agency ATOs were authorized by the HHS CIO and Chief Information Security Officer and used the FedRAMP baseline controls, the FedRAMP templates, and were each assessed by a FedRAMP accredited 3PAO.
Agencies will be able to review the full provisional authorization packages as well as the independent assessment conducted by a FedRAMP-accredited 3PAO for their own agency specific security authorizations through the FedRAMP secure repository. Agencies can request access via FedRAMP.gov.
About GSA -- The mission of GSA is to deliver the best value in real estate, acquisition, and technology services to government and the American people.
About HP -- The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. Their independent assessment was completed by Lunarline, a FedRAMP accredited 3PAO.
About Lockheed Martin -- Headquartered in Bethesda, MD, Lockheed Martin is a global security and aerospace company that employs about 118,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services. Their independent assessment was completed by Coalfire, a FedRAMP accredited 3PAO.