The Federal Risk and Authorization Management Program, or FedRAMP, rolled its baseline for the anticipated FedRAMP Tailored service on Feb. 16, making the proposed software-as-a-service cloud solution open for comment.
The public may provide feedback on the strictly low-risk SaaS service baseline until March 17.
In a blog post on its website
, FedRAMP detailed how the Tailored service would allow cloud vendors to fast-track approval for low-risk cloud security solutions so that agencies could get them faster.
“We hope FedRAMP Tailored will provide a way in which FedRAMP can support the need government authorizing officials have for a standardized approach to determining the risks associated with authorizing specific low-impact cloud applications — for example, small scale cloud applications that assist the government in doing business, but that do not directly impact the government’s mission needs,” the post said.
Officials likened the services FedRAMP Tailored would provide to protecting a bike with a U-lock, offering solutions for services needing minimum security requirements like “collaboration tools, project management and open-source development.”
FedRAMP Tailored has been anticipated since last fall, when officials signaled their plans to roll out the service in 2017 to make it easier for vendors to get their low-risk SaaS products authorized through the FedRAMP process.
Services provided on FedRAMP Tailored will have to meet the Federal Information Processing Standards 199 Publication requirement for a low-security-impact as well as provide services without collecting personally identifiable information and be authorized in an existing FedRAMP-authorized infrastructure.
The public can review the Tailored baseline on
and provide comments through March 17.