News Feature | April 6, 2016

FedRAMP Approves 3 Cloud Service Providers For High Baseline Pilot Program

Christine Kern

By Christine Kern, contributing writer

Moving Your Small Practice Health IT Clients To Cloud EHR Solutions

Microsoft Azure, CSRA, and Amazon Web Services are the first to achieve a high impact rating.

Microsoft Azure, CSRA, and Amazon Web Services are the first three cloud services providers to achieve a high impact rating under the Federal Risk and Authorization Management Program (FedRAMP), with the final baseline to be released in the next few weeks. The three companies participated in a pilot program to determine the level of difficulty CSPs will face in upgrading systems to the high baseline and attain necessary certification, according to The Federal Times. This allows Federal agencies to transfer more sensitive data onto contracted CSP services, improving operation levels.

“As we see Federal cloud adoption among the agencies, they started out with not-as-sensitive data, public-facing websites, public-facing data,” Susie Adams, Microsoft Federal’s chief technology officer, told MeriTalk. Agencies are now looking to move sensitive data into cloud services, but because of its sensitive nature the data requires higher standards of protection from cloud service providers.

“The creation of the FedRAMP high-security baseline is essential in allowing agencies to migrate more high-impact-level data to the cloud,” Matt Goodrich, director for FedRAMP’s Program Management Office, told MeriTalk. “Selecting Microsoft Azure Government to participate in FedRAMP’s high-impact baseline pilot and its forthcoming Provisional Authority to Operate (P-ATO) from the FedRAMP [Joint Authorization Board] are testaments to Microsoft’s ability to meet the government’s rigorous security requirements.”

Matt Goodrich told The Federal Times the high baseline is being finalized now and should be released for any and all interested CSPs in April. The pilot was the final step to develop the high baseline, a process that took a year to complete. The high baseline assures agencies that CSPs can handle and store sensitive information securely in the cloud.

“There’s a very big difference between the governance of those services at a high system versus a moderate system,” Goodrich said in January. “At that point you are talking life-and-limb or financial ruin, so the difference in oversight of that is what we’re trying to get to.”

Now that a few CSPs have made it through the process, many more are expected to follow in the coming months and years.

“The FedRAMP compliance programs are critical to U.S. government agencies being able to securely take advantage of cloud technology,” Teresa Carlson, vice president of worldwide public sector for AWS, told Federal Times. “Cloud continues to be a major catalyst in how the government can achieve operational efficiencies, cost savings and innovation on-demand to advance their mission.”