FedRAMP has published an updated Threat-Based Risk Profiling Methodology White Paper (and an accompanying dataset on FedRAMP’s GitHub repository) that delineates changes in the way risk management decisions are made across the government. Threats evolve daily. Cloud service providers will now be able to adapt and strategically manage cloud systems with countermeasures and protection capabilities tailored to real-world threats.
The white paper follows a study on the feasibility of an agile approach to authorizations, with the goal of driving increased efficiency and cost savings in Federal cloud cybersecurity. The FedRAMP PMO anticipates this enhanced flexibility will enable faster adoption of cloud-based solutions, less cost and regulatory strain on agency and government resources, and more secure systems.
Key takeaways from the Threat-Based Risk Profiling White Paper:
- This updated model, newly aligned to the MITRE ATT&CK threat framework, better positions agencies and cloud service providers to prioritize the most effective and efficient security controls against real-world threats.
- Prioritizing controls will help shift the current cybersecurity paradigm from compliance to informed, risk-based authorization decisions.
- Ultimately, this approach should expedite the authorization process by focusing on controls that mitigate the most serious risks to Federal systems and data.
Read the updated Threat-Based Risk Profiling Methodology White Paper to better understand FedRAMP’s guidance on threat-based scoring and to anticipate the potential applications of this approach.
What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) supports the U.S. government’s Cloud-Smart policy by establishing consistent risk assessment and cloud security standards across agencies and their contractors (like cloud service providers). This, in turn, empowers Federal agencies to transform their operations with innovative commercial technologies and cloud solutions – while bolstering the security posture of IT infrastructure. See what distinguishes FedRAMP from FISMA.
Start with Security in Mind
Cybersecurity is a fundamental component of Federal systems and data. Every project, program, and technology solution must be weighed against the risk it poses to the agency’s mission, the government’s operations, and the safety and security of the American people. GovDataHosting is here to help.
If your organization or agency is looking to fast-track the A&A approval path, we can help you navigate FedRAMP security controls with fully managed cloud hosting services. Our turnkey solutions lower implementation risk and tackle threats with bundled price models and value savings. Get in touch today to discuss your path to the cloud with us.