The Federal Risk and Authorization Management Program (FedRAMP) is excited to release the FedRAMP High Baseline Requirements. The High Baseline is available on www.FedRAMP.gov. These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments. This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin.
Why is this such a big deal? While 80% of Federal information is categorized at low and moderate impact levels, this only represents about 50% of Federal IT spend. Now that FedRAMP has set the requirements for high impact levels, that breaks open the remaining 50% of the $80 billion a year the US Government spends on IT that could potentially move to the cloud securely. That’s huge!
In addition to the High Baseline Requirements being released, the Joint Authorization Board has been busy piloting these requirements with vendors in order to ensure their practical applicability. As of 2018, only 3 vendors meet the high baseline requirements and are ready for agencies to review and leverage:
- CSRA / Autonomic Resources – ARC-P IaaS
- Microsoft – Azure Government
- Amazon Web Services – AWS GovCloud