A new list of “RedRAMP Ready Systems” is meant to make it easier for agencies to comply with security controls.
The many agencies that skipped a June deadline to ensure their cloud services meet basic security controls now have a faster way to comply, according to government officials.
The Federal Risk and Authorization Management Program, a cloud certification endeavor, has created a regularly updated list of "FedRAMP Ready Systems" that are close to approval.
Their levels of readiness vary, from possessing preliminary documentation to having undergone a complete assessment by a government-approved auditor. The list describes the status of each cloud service.
"Agencies can then use this documentation to initiate an assessment and authorize these systems in a faster time than starting from scratch," officials announced in a monthly FedRAMP newsletter.
Not every name on the rundown will be a cloud company service. Other categories of systems listed will include build specifications and documentation for open source code agencies can deploy, according to a new "FedRAMP Ready" website.
Officials added, "FedRAMP Ready systems allow potential agency customers and authorizing officials a starting point to initiate an authorization.”
The six systems currently designated FedRAMP Ready include:
- CA Technologies
- Project Hosts
Of 77 agency cloud contracts recently reviewed by federal inspectors general, nearly three-fourths failed to meet a June deadline for complying with FedRAMP security standards, according to a September IG report. The errant systems were found in 16 of the 19 agencies reviewed.
The inspectors attributed part of the sluggishness to both the lack of penalties for sidestepping FedRAMP and an agency that can enforce compliance.