FedRAMP Releases Long Awaited High-Security Baseline, Privileged Identity Management Expected to Spike for Cloud

By Eric Noonan • June 24, 2016

Earlier this week, the Federal Risk and Authorization Management Program (FedRAMP), released the high-security baseline for cloud services. The release date for the baseline has slipped multiple times over the last few months, due to what sources have said is the result of the Department of Homeland Security’s review process as they made final changes to control features.

The new high-security baseline allows federal agencies to utilize cloud-based services for their most critical data, services like Microsoft Azure, CSRA, and Amazon Web Services (AWS). Federal agencies are currently allowed to use cloud-based service providers for low and moderate security baseline. The new baseline is mapped to NIST SP800-53 Rev. 4 security controls and requires that cloud-based service providers secure their datacenters per Federal Information Processing Standard (FIPS) for unclassified data. Once cloud-based service providers get approval from the FedRAMP Authorization Board, federal agencies can begin to use the services for highly sensitive data.

FedRAMP Director Matt Goodrich said that “We addressed about half” of the federal IT market with “low and moderate” security baselines. He believes that the new high-security baseline will address the remaining half. As a result, a surge of privileged account management solutions can be expected as sensitive data including health records and personally identifiable information are moved into the cloud.

The release of NIST SP800-53 Rev. 4 added increased requirements for securing privileged accounts to defend against Advanced Persistent Threats (APTs), in addition to the moderate baselines previously published. If federal agencies begin to move their high-security information into cloud-based services, they’ll need to manage, protect, and monitor privileged accounts just as they would in a traditional datacenter.

Cloud services companies seeking approval from FedRAMP need to address the rigorous identification and authorization, and access control requirements in the baseline, which can be accomplished using a modern Privileged Account Security/Management solution. One such solution is the CyberArk PAM System. CyberArk’s Privileged Account Security solution supports cloud service providers Microsoft Azure and Amazon Web Services (AWS) out of the box, both as Infrastructure-as-a-Service (running CyberArk in a cloud environment) and Software-as-a-Service (protecting cloud-based privileged accounts). This solution allows both federal agencies the ability to easily protect, manage and monitor these cloud-based privileged accounts, and cloud-based companies to meet the new baseline requirements.

Learn more about how CyberSheath can help secure your cloud-based services by visiting our Privileged Access Management service area.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO