FedRAMP Releases Long Awaited High-Security Baseline, Privileged Identity Management Expected to Spike for Cloud

By Eric Noonan • June 24, 2016

Earlier this week, the Federal Risk and Authorization Management Program (FedRAMP), released the high-security baseline for cloud services. The release date for the baseline has slipped multiple times over the last few months, due to what sources have said is the result of the Department of Homeland Security’s review process as they made final changes to control features.

The new high-security baseline allows federal agencies to utilize cloud-based services for their most critical data, services like Microsoft Azure, CSRA, and Amazon Web Services (AWS). Federal agencies are currently allowed to use cloud-based service providers for low and moderate security baseline. The new baseline is mapped to NIST SP800-53 Rev. 4 security controls and requires that cloud-based service providers secure their datacenters per Federal Information Processing Standard (FIPS) for unclassified data. Once cloud-based service providers get approval from the FedRAMP Authorization Board, federal agencies can begin to use the services for highly sensitive data.

FedRAMP Director Matt Goodrich said that “We addressed about half” of the federal IT market with “low and moderate” security baselines. He believes that the new high-security baseline will address the remaining half. As a result, a surge of privileged account management solutions can be expected as sensitive data including health records and personally identifiable information are moved into the cloud.

The release of NIST SP800-53 Rev. 4 added increased requirements for securing privileged accounts to defend against Advanced Persistent Threats (APTs), in addition to the moderate baselines previously published. If federal agencies begin to move their high-security information into cloud-based services, they’ll need to manage, protect, and monitor privileged accounts just as they would in a traditional datacenter.

Cloud services companies seeking approval from FedRAMP need to address the rigorous identification and authorization, and access control requirements in the baseline, which can be accomplished using a modern Privileged Account Security/Management solution. One such solution is the CyberArk PAM System. CyberArk’s Privileged Account Security solution supports cloud service providers Microsoft Azure and Amazon Web Services (AWS) out of the box, both as Infrastructure-as-a-Service (running CyberArk in a cloud environment) and Software-as-a-Service (protecting cloud-based privileged accounts). This solution allows both federal agencies the ability to easily protect, manage and monitor these cloud-based privileged accounts, and cloud-based companies to meet the new baseline requirements.

Learn more about how CyberSheath can help secure your cloud-based services by visiting our Privileged Access Management service area.

Cybersheath Blog

CMMC Compliance Dashboard: Gain New Visibility into Compliance

CMMC is not a compliance framework. It’s a maturity model. That has big implications for how you approach compliance, but also how you keep track of all the elements that make up compliance. And yet, visibility has been one of the most difficult challenges facing DIB contractors. It used to…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

How to Offboard Your Managed Services Provider

For any of a variety of reasons including lack of communication, slow response times, or prolonged downtime, your organization has decided to change your managed service provider (MSP). Whether you have already signed an agreement with a new MSP or you are actively looking for a replacement, now is the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft