

The FISMA Cloud Moves Up the FedRAMP

Cloud computing has been front and center in recent U.S. federal thinking about information technology. As highlighted by the Cloud First policy issued in late 2010, the federal government is serious about moving its IT operations to the cloud in cases when doing so can save money and enhance service agility while still ensuring information security. For cloud service providers (CSPs) wanting to compete for federal business, it's important to understand the information security requirements of federal clients – particularly, the requirements of a "FISMA cloud" and the role of the recently launched FedRAMP program.

The Emergence of the FISMA Cloud

The Federal Information Security and Management Act of 2002 (FISMA) is the primary law governing how federal agencies ensure the security of information systems that they operate or that contractors operate on their behalf. The head of each agency is required each year to verify to the Office of Management and Budget (OMB) that the agency's IT workloads, whether on-premise or hosted off-premise, comply with a series of security standards developed by the National Institute of Standards and Technology (NIST) in support of the FISMA legislation.

As federal agencies initially grew interested in cloud computing several years ago, a demand emerged for FISMA cloud computing. A FISMA cloud is a private or federal-only community cloud that has gone through the FISMA certification and accreditation (C&A) process and been granted an authorization to operate (ATO) by one or more federal agencies. A FISMA cloud must be hosted in a FISMA compliant data center, and be subjected to yearly independent assessments to ensure ongoing FISMA compliance.

FedRAMP Ramps Up

Most recently, federal cloud activity has centered around the Federal Risk and Authorization Management Program (FedRAMP). Launched in 2011, the program aims to do away with the inefficiencies of having each federal agency go through the FISMA cloud certification process from scratch when procuring cloud services, even when multiple agencies are using the same FISMA cloud. Instead, the FedRAMP cloud program empowers the U.S. General Services Administration to grant cloud services a "provisional authorization", based on successfully completing a FedRAMP assessment process. Individual agencies can then use this FedRAMP provisional authorization as a shortcut to issuing their own agency-specific ATO for a particular cloud service.

The FedRAMP program is in its early stages, and currently is prioritizing assessment of existing FISMA cloud services that are already operating under federal ATOs. This will facilitate reuse of these FISMA cloud services by other federal agencies.

Look to Layered Tech for FISMA Compliant Managed Hosting and Cloud Solutions

Layered Tech provides FISMA compliant managed hosting solutions to more than half of the cabinet level federal agencies, including the Departments of Justice, Energy, and Treasury. For a decade we have built and operated a variety of environments and solutions that maintain strict FISMA compliance year after year. As experts in cloud computing as well as FISMA compliance, we will work with you to develop a FISMA cloud solution ideally suited to your needs. As an established leader in FISMA hosting solutions, we are well positioned to go through the FedRAMP assessment process.

Learn more about how Layered Tech can develop FISMA cloud solutions for your organization.
