
FISMA Cloud Computing and the FedRAMP Program

In the past several years the U.S. federal government has made a strong movement toward adoption of cloud computing services. Initiatives such as the Cloud First policy demonstrate a commitment on the part of the federal government to capitalize on the cost savings and agility that cloud services can provide. For cloud service providers (CSPs), this development represents an enormous opportunity. It also compels CSPs to understand FISMA cloud computing and the FedRAMP program.

What is FISMA Cloud Computing?

The Federal Information Security Management Act of 2002 (FISMA) requires federal agencies to develop, document, and implement measures for securing information systems operated by the agencies or by contractors on the agencies' behalf. The National Institute of Standards and Technology (NIST) codified this federal policy with a series of standards for implementing management, operational, and technical controls for securing data and IT infrastructures. Federal agencies each year must certify that their IT operations, whether on-premises or hosted by a third-party provider, comply with FISMA security standards.

As the benefits of the cloud became clear in recent years, federal agencies became interested in FISMA cloud computing. FISMA cloud computing is cloud computing that achieves and maintains FISMA compliance. A FISMA cloud is a private cloud or federal-only community cloud, hosted in a FISMA-compliant data center, that has been certified against FISMA security standards and has received an authorization to operate (ATO) from a federal agency.

FISMA Cloud Computing Transitions to FedRAMP Cloud

The Federal Risk and Authorization Management Program (FedRAMP) officially launched in 2011 with the goal of standardizing and streamlining the process by which federal agencies assess and authorize cloud computing services. Like FISMA cloud computing assessments of recent years, the FedRAMP process employs information security standards developed by NIST. But the standards are more current (in particular NIST SP 800-53 Rev3, which addresses cloud-specific security issues as well as traditional IT security issues) and the assessments must be performed by a FedRAMP-approved third-party assessment organization (3PAO). The U.S. General Services Administration under the FedRAMP program can grant "provisional authorization" to a cloud service, and federal agencies can then leverage that FedRAMP provisional authorization to greatly simplify and shorten the process of granting a final, agency-specific ATO to the service.

The FedRAMP cloud program is still in its early stages, and there are currently FISMA cloud computing services that have not yet gone through the FedRAMP approval process. Over time, though, any cloud services that federal agencies use or want to use will need to go through the FedRAMP process.

Layered Tech: FISMA-Compliant Managed Hosting and Cloud Solutions

Layered Tech is a leading provider of FISMA compliant managed hosting services. For a decade we've been building and hosting solutions that comply with FISMA/NIST security standards, and we provide FISMA compliant managed hosting services for some of the most security-sensitive federal agencies and the solution vendors who serve them. We also support a wide variety of cloud solutions, including private and community clouds, and we will work with you to build FISMA cloud computing solutions that best serve your needs. As long-time FISMA hosting and cloud experts, we are well positioned for the FedRAMP cloud approval process.
