On February 19, 2016, Acquia received an Authority To Operate (ATO) from the U.S. Department of the Treasury, and is now a FedRAMP℠ Compliant Cloud Service Provider (CSP). For many individuals and organizations operating in the public sector, FedRAMP is a well-known program, but what does FedRAMP compliance really mean?
FedRAMP: What is it?
With a rise in the adoption and proliferation of cloud solutions, finding a way to secure the use of cloud-based IT systems has proven challenging. Historically, the governmental process for risk management was redundant, inconsistent, time-consuming, and expensive, so there was a real need to develop a solution that would cut costs and improve efficiencies. FedRAMP became that solution, adopting the “do once, use many times” approach.
FedRAMP, the Federal Risk and Authorization Management Program, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
FedRAMP was brought to life by close collaboration amongst cloud experts from both private industry and the following government organizations:
- General Services Administration (GSA)
- National Institute of Standards and Technology (NIST)
- Department of Homeland Security (DHS)
- Department of Defense (DOD)
- National Security Agency (NSA)
- Office of Management and Budget (OMB)
- Federal Chief Information Officer (CIO) Council
It was created to bolster the cloud computing industry by accelerating the adoption of secure cloud solutions, providing a baseline set of standards for cloud product approval, increasing confidence in the security of cloud solutions, ensuring consistent application of existing security practices, and increasing the automation of near real-time data for continuous monitoring.