What is FedRAMP (Federal Risk and Authorization Program)?
- Objective: to support the government’s cloud computing plan
- Unified and Integrated risk management process that includes security requirements agreed upon by the federal departments and agencies
- Government-wide risk management program for outsourced and multi-agency information systems used by the U.S. government, agencies’ involvement is voluntary.
- It authorizes and constantly monitors IT services that are used by various federal departments and agencies.
- Evaluation of services provided by cloud providers
- No agencies need to have individual risk assessment and management plan
- Federal agency can sponsor the vendor’s service and submit it to FedRAMP for review by a joint authorization board.
Now, Windows Azure is among only SEVEN cloud services certified with Provisional Authorities to Operate (P-ATO). It can be used across the US federal public service. It is the highest level of FedRAMP ATO available. Microsoft has achieved provisional ATO for Windows Azure and its underlying datacenters and hence it will pave the way for FedRAMP P-ATOs for even more Microsoft cloud services.
Cloud service providers need to be compliant with ATOs before June 2014 FedRAMP security requirements deadline. Different types of cloud deployment and service models can meet the careful security requirements for FedRAMP.
Microsoft has announced yesterday that Windows Azure has been granted approval by the FedRAMP (Federal Risk and Authorization Management Program). Now, Windows Azure can be used be deployed across the US federal public service.
Joint Authorisation Board (JAB) is the highest level of certification that requires review from US federal government CIOs, Homeland Security and the Department of Defense, the General Services Administration, and third party security testing. Jab has provided Windows Azure Provisional Authoritiy to Operate (P-ATO).