Ready to manage your entire data center in one solution?

Start your test drive here

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Free 30 Day Trial - With Your Own Data

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Take DCIM Monitoring for a Test Drive

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Take DCIM for a Spin

Request Your Free Online Demo Today

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Free Full Featured Download

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

See why marquee customers
are moving to the Sunbird
DCIM platform.

Start your test drive here

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

See why marquee customers
are moving to the Sunbird
DCIM platform.

Start your test drive here

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

DCIM Suite Bundle

 

See why marquee customers
are moving to the Sunbird
DCIM platform.

Request your demo here

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Ready to join marquee customers moving to the Sunbird DCIM platform?

Request your quote here

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Request Quote

 

Ready to manage your entire data center in one solution?

Start your test drive here

We’re committed to your privacy. Sunbird uses the information you provide us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

FedRAMP Compliance Requirements

The Federal Risk and Authorization Management Program (FedRAMP) is a program created by the U.S. government to standardize the security assessment, authorization, and monitoring of cloud computing services for government use.

A cloud service offering must demonstrate compliance with FedRAMP requirements and receive FedRAMP authorization to be used by U.S. federal agencies.

FedRAMP ensures that cloud products and services used by federal agencies are secure, enables faster and cheaper procurement, and eliminates the possibility of duplicate efforts and costs across agencies.

What Are the FedRAMP Compliance Requirements?

The NIST SP 800-53 catalog is controls is used as a baseline for FedRAMP compliance. Some modifications have been made to address the unique risks associated with cloud computing environments such as multi-tenancy, visibility, and shared resource pooling.

To comply with FedRAMP requirements, you will need to implement numerous controls covering a wide range of security aspects including:

  • Access control
  • Awareness and training
  • Audit and accountability
  • Security assessment and authorization
  • Configuration management
  • Contingency planning
  • Identification and authentication
  • Incident response
  • Maintenance
  • Media protection
  • Physical and environmental protection
  • System security planning
  • Personnel security
  • Risk assessment
  • System and services acquisition
  • System and communications protection
  • System and information integrity

For the complete list of compliance requirements, download the FedRAMP Security Controls Baseline.

How to Obtain FedRAMP Authorization

It’s best to approach FedRAMP authorization in four stages:

  1. Planning, implementation, and documentation. First, establish a relationship with a federal agency that wants to use your cloud offering and will put in the time and effort to get your application or service authorized. Determine whether your path to authorization is to obtain an Authority to Operate (ATO) from a single agency or to obtain a Provisional Authority to Operate (P-ATO) from the Joint Authority Board (JAB). Each path has pros and cons in terms of cost and effort required. Then, determine which category of security impact level applies to you (low, moderate, or high). You will need to use the FIPS 199 categorization template and the NIST Special Publication 800-60 volume 2 Revision 1 to ensure you are categorizing your offering correctly based on the type of information you process, store, and transmit. Next, fulfill the FedRAMP Security Controls Baseline requirements that match the security impact level your offering is categorized at. Document your implementation in a System Security Plan document that details how the implementation meets the requirements and the roles and responsibilities of those involved. Finally, prepare and submit all the necessary supporting documents including the e-Authenticate Worksheet, Privacy Threshold Analysis, Information Security Policies, User Guide, Rules of Behavior, IT Contingency Plan, Configuration Management Plan, Control Information Summary, and Incident Response Plan.
  2. Get an independent security assessment. You will need to have your cloud offering assessed to verify that the security controls you have implemented are in accordance with the FedRAMP requirements. If you are seeking an ATO from an agency, you can use a non-accredited independent assessor. If you are seeking a P-ATO, you will need to use a third-party assessment organization that is accredited by the A2LA to conduct the test. Develop a Plan of Action & Milestones (POA&M) to address and remediate any security risks that were found during the assessment.
  3. Submit your security package. Once you have completed the security assessment and all the associated documentation, submit the entire package to the authorizing official at the agency you’re partnering with or the JAB. The package will be reviewed, and you will either receive approval or a request for additional testing. If the agency accepts the risk of using your cloud offering, you will receive an ATO.
  4. Implement continuous monitoring. To maintain your authorization, you must implement continuous monitoring, continue to meet all FedRAMP requirements, and maintain the appropriate risk level associated with your security impact level. Failure to comply can result in the agency or JAB revoking your authorization.

Related Links

Browse other terms alphabetically:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

WORD OF THE DAY:

Data Center Layout
A data center layout is the strategic arrangement of the racks, equipment, and supporting infrastructure within a data center.
Learn even more about this term