GSA Announces First FedRAMP Provisional Cloud Security Authorizations
FedRAMP Joint Authorization Board’s first provisional authorization gives agencies a “do once, use many times” framework that saves cost, time, and staff
Dec. 27, 2012
WASHINGTON -- Today, the U.S. General Services Administration announced that the Federal Risk and Authorization Management Program (FedRAMP) has issued the first Joint Authorization Board (JAB) approved provisional cloud security authorization to Autonomic Resources LLC. The FedRAMP Joint Authorization Board is comprised of the Chief Information Officers from GSA and the Departments of Defense and Homeland Security.
FedRAMP is a standardized approach to cloud security assessments, authorization, and monitoring that will save the government money, time, and staff by eliminating redundant agency security assessments. Through FedRAMP’s leveraged security authorizations, federal agencies can also drastically reduce the time it takes to adopt new IT capabilities.
“The FedRAMP provisional authorization process sets a rigorous certification and accreditation bar for cloud service providers. By using FedRAMP and eliminating redundant security assessments, agencies can save an estimated $200,000 per authorization,” said Dave McClure, Associate Administrator of GSA’s Office of Citizen Services and Innovative Technologies. “This innovative collaboration with industry will lead to a common and more effective and efficient security authorization process government-wide.”
In order to receive this provisional authorization, Autonomic Resources documented and fully implemented the FedRAMP security controls on their cloud services offerings. In addition, they had an independent FedRAMP accredited Third Party Assessment Organization (3PAO) audit these implementations. Now, Autonomic Resources’ system is provisionally authorized to securely contain Federal information at a moderate Federal Information Security Management Act level of security. Agencies will be able to review the full provisional authorization package as well as the independent assessment conducted by a FedRAMP-accredited 3PAO for their own agency specific security authorizations. The JAB is expected to issue additional ATOs in early 2013 and announcements will be made as the authorizations are granted.
Autonomic Resources LLC is a certified 8a small business from Cary, North Carolina offering Infrastructure as a Service capabilities for federal agencies. Their independent assessment was completed by Veris Group, a FedRAMP accredited 3PAO.