FedRAMP Releases Long Awaited High-Security Baseline, Privileged Identity Management Expected to Spike for Cloud

By Eric Noonan • June 24, 2016

Earlier this week, the Federal Risk and Authorization Management Program (FedRAMP), released the high-security baseline for cloud services. The release date for the baseline has slipped multiple times over the last few months, due to what sources have said is the result of the Department of Homeland Security’s review process as they made final changes to control features.

The new high-security baseline allows federal agencies to utilize cloud-based services for their most critical data, services like Microsoft Azure, CSRA, and Amazon Web Services (AWS). Federal agencies are currently allowed to use cloud-based service providers for low and moderate security baseline. The new baseline is mapped to NIST SP800-53 Rev. 4 security controls and requires that cloud-based service providers secure their datacenters per Federal Information Processing Standard (FIPS) for unclassified data. Once cloud-based service providers get approval from the FedRAMP Authorization Board, federal agencies can begin to use the services for highly sensitive data.

FedRAMP Director Matt Goodrich said that “We addressed about half” of the federal IT market with “low and moderate” security baselines. He believes that the new high-security baseline will address the remaining half. As a result, a surge of privileged account management solutions can be expected as sensitive data including health records and personally identifiable information are moved into the cloud.

The release of NIST SP800-53 Rev. 4 added increased requirements for securing privileged accounts to defend against Advanced Persistent Threats (APTs), in addition to the moderate baselines previously published. If federal agencies begin to move their high-security information into cloud-based services, they’ll need to manage, protect, and monitor privileged accounts just as they would in a traditional datacenter.

Cloud services companies seeking approval from FedRAMP need to address the rigorous identification and authorization, and access control requirements in the baseline, which can be accomplished using a modern Privileged Account Security/Management solution. One such solution is the CyberArk PAM System. CyberArk’s Privileged Account Security solution supports cloud service providers Microsoft Azure and Amazon Web Services (AWS) out of the box, both as Infrastructure-as-a-Service (running CyberArk in a cloud environment) and Software-as-a-Service (protecting cloud-based privileged accounts). This solution allows both federal agencies the ability to easily protect, manage and monitor these cloud-based privileged accounts, and cloud-based companies to meet the new baseline requirements.

Learn more about how CyberSheath can help secure your cloud-based services by visiting our Privileged Access Management service area.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Trace Security