FedRAMP Weekly Tips & Cues – November 9, 2016

Many of our cloud service providers (CSPs), federal agencies, and third-party assessment organizations (3PAOs) share common issues and questions when going through the FedRAMP process. To help guide our stakeholders, we will be providing weekly tips and addressing frequently asked questions and concerns.

Email us potential tips and questions that you would like published as a tip.

Cloud Service Providers (CSPs)

Question:

Why should CSPs spend time and money developing high-quality documentation when their goal is to become FedRAMP Authorized?

Answer:

FedRAMP requires quality documentation (i.e., documentation that is clear, concise, consistent, and complete) to provide an accurate description of the risk posture of a cloud system. This, in turn, reduces an Agency’s level of effort to reuse an Authorization Package. Quality documentation also pays for itself by minimizing costly rework and time-consuming delays caused by clarifying misunderstandings and waiting for missing documentation.

FedRAMP requires CSPs to spend as much time writing and editing the documentation as they do engineering the security.

Federal Agencies

Question:

How do security controls impact Quality of Service (QoS) of an application or system?

Answer:

Quality of Service (QoS) and security are interrelated. Security controls must be thoughtfully considered and implemented so that they do not adversely impact an application’s or system’s QoS, because improperly thought-out or excessive security controls can impact QoS. The CSP must plan the “right” amount of security as it pertains to system performance and financial considerations.

This post was originally published on the FedRAMP blog.
