Rolling Down the FedRAMP

GSA recently announced the launch of the FedRAMP Tailored Baseline for Cloud Service Providers with Low Impact Software-as-a-Service systems. FedRAMP Tailored aims to support solutions that have low risk and low costs for agencies. This means a streamlined process for a variety of applications. Tailored also standardizes an approach to determine risks associated with cloud applications and provides the government with the freedom to use the cloud while maintaining security.

FedRAMP tailored was open for comment in January and July of 2017. The program provides base security control requirements for industry to meet. Agency authorizing officials are responsible for adding controls where necessary for compliance. GSA believes “The FedRAMP program, including our goals for Tailored, is a key part of issuing an informed, risk-based authority to operate.”

For more information, see the FedRAMP Tailored website. 

Keep it Under Lock and Data Key

GSA officials announced plans to rebrand Special Item Number 520-20 on September 20th. The SIN will act as the official Data Breach Response and Identity Protection Services offering on the Professional Services Schedule. GSA hopes that this move will offer industries and agencies more flexibility and responsiveness.

Ordering offices will “now have the ability to obtain specifically what is needed for their immediate situation,” explained Stephanie Kenitzer, professional services category community manager.

The new SIN offers “identity monitoring and notification of Personally Identifiable Information and Protected Health Information, identity theft insurance and identity restoration services, and protect (safeguard) the confidentiality of PII and PHI.”

The changes will occur with the next solicitation refresh, projected for mid-October.

When a competitive number of vendors are on schedule, GSA plans to swap identity protection services from the current blanket agreements to the SIN.

For more information see the official statement.