FedRAMP Releases Long Awaited High-Security Baseline, Privileged Identity Management Expected to Spike for Cloud

By Eric Noonan • June 24, 2016

Earlier this week, the Federal Risk and Authorization Management Program (FedRAMP), released the high-security baseline for cloud services. The release date for the baseline has slipped multiple times over the last few months, due to what sources have said is the result of the Department of Homeland Security’s review process as they made final changes to control features.

The new high-security baseline allows federal agencies to utilize cloud-based services for their most critical data, services like Microsoft Azure, CSRA, and Amazon Web Services (AWS). Federal agencies are currently allowed to use cloud-based service providers for low and moderate security baseline. The new baseline is mapped to NIST SP800-53 Rev. 4 security controls and requires that cloud-based service providers secure their datacenters per Federal Information Processing Standard (FIPS) for unclassified data. Once cloud-based service providers get approval from the FedRAMP Authorization Board, federal agencies can begin to use the services for highly sensitive data.

FedRAMP Director Matt Goodrich said that “We addressed about half” of the federal IT market with “low and moderate” security baselines. He believes that the new high-security baseline will address the remaining half. As a result, a surge of privileged account management solutions can be expected as sensitive data including health records and personally identifiable information are moved into the cloud.

The release of NIST SP800-53 Rev. 4 added increased requirements for securing privileged accounts to defend against Advanced Persistent Threats (APTs), in addition to the moderate baselines previously published. If federal agencies begin to move their high-security information into cloud-based services, they’ll need to manage, protect, and monitor privileged accounts just as they would in a traditional datacenter.

Cloud services companies seeking approval from FedRAMP need to address the rigorous identification and authorization, and access control requirements in the baseline, which can be accomplished using a modern Privileged Account Security/Management solution. One such solution is the CyberArk PAM System. CyberArk’s Privileged Account Security solution supports cloud service providers Microsoft Azure and Amazon Web Services (AWS) out of the box, both as Infrastructure-as-a-Service (running CyberArk in a cloud environment) and Software-as-a-Service (protecting cloud-based privileged accounts). This solution allows both federal agencies the ability to easily protect, manage and monitor these cloud-based privileged accounts, and cloud-based companies to meet the new baseline requirements.

Learn more about how CyberSheath can help secure your cloud-based services by visiting our Privileged Access Management service area.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.