FedRAMP Releases Updated Security Assessment Templates

Friday, May 11, 2012

Kevin L. Jackson

21d6c9b1539821f5afbd3d8ce5d96380

Last week the GSA FedRAMP Program Office released the latest version of the cloud computing Security Assessment Plan (SAR) template. 

This document is the most recent step toward the Federal governments goal of establishing FedRAMP initial operating Capability by June 2012.  

The Federal Risk Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Cloud Service Providers (CSP).

Testing security controls is an integral part of the FedRAMP security authorization requirements and enables Federal Agencies to use the findings that result from the tests to make risk-based decisions.

Providing a plan for security control ensures that the process runs smoothly.

This document has been designed for CSP Third-Party Independent Assessors (3PAOs) to use for planning security testing of CSPs. Once filled out, this document constitutes a plan for testing.

Actual findings from the tests are to be recorded in FedRAMP security test procedure workbooks and a Security Assessment Report (SAR).

This release also includes templates for:

Cross-posted from Cloud Musings

Possibly Related Articles:
6789
Cloud Security
Federal
Cloud Security Government Managed Services Third Party Assessments Information Security FedRAMP Federal vendors
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.