Full Transparency
Our editorial transparency tool uses blockchain technology to permanently log all changes made to official releases after publication. However, this post is not an official release and therefore not tracked. Visit our learn more for more information.
A key component of FedRAMP is the Risk Management Framework developed by the U.S. Department of Commerce’s National Institute of Standards and Technology, or NIST.
The NIST Risk Management Framework provides guidelines for the categorization, selection, implementation, assessment, authorization and monitoring of risk for cloud infrastructure. This six-step framework provides a risk management lifecycle that constantly assesses and evolves the security of cloud-based computing systems and offers a dynamic framework for ongoing security against new threats.
Beyond offering a comprehensive risk management regime for cloud deployments, FedRAMP and the NIST guidelines provide government agencies with a roadmap to deploy flexible and secure baseline cloud architectures upon which to layer additional levels of security and compliance guidelines. This includes those outlined in the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act, among others.
So what does this mean for federal IT administrators that are managing enterprise workloads in the cloud or considering a cloud deployment?
Government agencies are increasingly migrating mission-critical, production-level enterprise workloads to the cloud. In order to enable the appropriate levels of security controls for systems, applications and data, the underlying cloud infrastructure requires a high degree of flexibility, reliability and availability. The same is true for cloud-enabled applications that have specialized compliance requirements based on data sensitivity, such as credit card transactions, personal health information and national security information.
Use of the FedRAMP risk management framework helps to manage risk at acceptable levels for a particular organization and the workloads being operated in the cloud. FedRAMP delivers the essential requirements, enabling IT administrators to deploy and manage cloud workload with confidence.
For more information on Verizon’s federal cloud portfolio, visit the Verizon Public Sector Markets website.
This is the third in a four-part blog series that explores FedRAMP. Click on the embedded hyperlinks to read “Why FedRAMP Matters: Enabling Agility for Federal IT Organizations” and “Why FedRAMP Matters.”
