800.903.6264

SecureState
Search
Home > Services > Audit and Compliance > FedRAMP Gap

AUDIT & COMPLIANCE

FedRAMP Gap Analysis

Essentials

The Federal Risk and Authorization Management Program (FedRAMP) was developed to provide a standardized approach to assess, authorize, and monitor cloud services and products. With the government’s significant push to adopt cloud solutions, the security of these solutions has become very important. This program was developed with several significant goals in mind, including:

  • Increase confidence in the security of cloud solutions
  • Achieve consistency in security authorizations using a baseline of standards
  • Ensure consistent application of security standards
  • Increase automation for near real-time data/monitoring

Benefits

Identifying and establishing the right security controls for your cloud computing services is an important step in ensuring those services meet FedRAMP requirements. Those that are looking to become government authorized cloud computing service providers must be able to understand the security controls and privacy requirements that apply to their services; and the data to be processed before the controls can be implemented. In addition to becoming a requirement within the federal government, this program saves significant costs by allowing organizations to demonstrate compliance once, as well as improving real time security visibility, and improve trustworthiness, reliability, consistency and quality of the Federal Security Authorization process.

Expertise

SecureState consultants are experts in understanding the technical infrastructure and business aspects of your organization. We have the knowledge to assist you in understanding and interpreting both the technical and administrative aspects of FedRAMP and NIST 800-53 security controls and documentation requirements. Our Team can provide you with the knowledge transfer required to ensure control gaps are identified, as well as assist with developing a plan of action to ensure your cloud computing services will meet the strict FedRAMP requirements.

Did You Know?

  • FedRAMP will achieve initial operating capability by June of 2012
  • It is important to select an organization that understands the FedRAMP Process
  • To Provide FedRAMP assessment services, organizations must become an approved 3rd Party Assessment Organization

RELATED:

Our Approach and Methodology

SecureState’s methodology follows that within the FedRAMP directive. Our team follows a very similar process to those laid out within FISMA while building security packages for FedRAMP. FedRAMP follows a four phase process:

Initiating: The FedRAMP assessment process is initiated by an agency or Cloud Service Provider (CSP) beginning a security authorization using FedRAMP requirements which are FISMA compliant and based on the NIST 800-53 standards and initating work with the FedRAMP PMO.

Assessing: CSPs implement the FedRAMP requirements within their environment and hire a FedRAMP approved third party assessment organization (3PAO) to perform an independent assessment to audit the cloud system and provide a security assessment package for review.

Authorizing: The FedRAMP Joint Authorization Board (JAB) will review the security assessment package based on a prioritized approach and may grant a provisional authorization.

Leveraging: Federal agencies can leverage CSP authorization packages for review when granting an agency Authority to Operate (ATO) saving time and money.

What Makes Us Different

  • SecureState works with several CSPs to develop secure architectures compliant with FedRAMP
  • Our experienced Team Members provide C&A Services to several organizations leveraging the NIST 800-53 Controls
  • We carry the necessary certifications including CISSP, CISA, GIAC, etc.

Downloads

We Can Help You

Copyright © 2012 SecureState LLC. All rights reserved.
23340 Miles Road Cleveland, Ohio 44128-5493 | 800.903.6264

SecureState Data Security