FedRAMP recently announced the availability of their FedRAMP Tailored baseline program, designed to expedite and streamline the process for low risk systems like collaboration tools, project management applications, and tools for developing open-source code.
The tool for cloud service providers was finalized after two rounds of public comment on the program.
“We think the goals for FedRAMP Tailored address these cases that are low risk for use — focusing on services like collaboration tools, project management, and open-source development,” the FedRAMP PMO said in a post on its site. “The FedRAMP Tailored baseline provides a minimum set of security control requirements. As always and required by law, agency authorizing officials have the ultimate responsibility of determining if additional security controls are required to remain in compliance with agency-specific policies, procedures, and their own risk tolerance. However, we believe the FedRAMP program, including our goals for Tailored, is a key part of issuing an informed, risk-based authority to operate.”
The low impact software as a service requirements under FedRAMP Tailored include:
- Categorizing the Information System
- Selecting Security Controls
- Implementing Security Controls
- Assessing Security Controls
- Authorizing the Information System
- Monitoring Security Controls
The Tailored program was originally opened for comment in February 2017, receiving over 330 comments and reactions, according to the FedRAMP post, then reopened in July after updates based on the first round of feedback.
Final documents for the FedRAMP Tailored program are now available on fedramp.gov.
Jessie Bur covers federal IT and management.