FedRAMP to Update Requirements Based on New NIST Revisions
The Federal Risk and Authorization Management Program's cloud service baseline requirements will be adjusted in accordance with the National Institute of Standards and Technology's new revisions on security and privacy controls.
Noblis principal Andrew Lins, a FedRAMP cybersecurity expert, said the FedRAMP program management office will accept public comments on the baseline updates for 90 to 120 days, FedScoop reported Monday.
“We will provide sufficient time to implement and test these updates and provide guidance on many of the new controls, many of which are focused on supply chain,” Lins said.
NIST recently released its fifth revision to Special Publication 800-53, which covers security and privacy controls for federal information systems and organizations.
Once public comments have been accounted for, the PMO will publish the final version of the updated baselines, associated documentation and templates, an implementation guide and a compliance timeline.
The PMO said that FedRAMP uses NIST's guidelines and procedures to provide standardized security requirements for cloud services. NIST released the previous revision to SP 800-53 six years ago.
Lins said the PMO will also release Open Security Controls and Assessment Language versions of the baselines in the final draft.
OSCAL is a set of program language formats being developed by NIST to provide a standardized representation for different categories of information pertaining to the publication, implementation and assessment of security controls.
FedRAMP is a government-wide program created to provide a standardized approach to security assessment, authorization and continuous monitoring of cloud products and services.