Is FedRAMP Criticism Fair?

Author: protegrity

Although FedRAMP has recently been criticized for lacking clarity and efficacy, any attempt to reduce risk to personal information in public or private clouds should be considered worthy in the face of increasing cybersecurity threats.

What Is FedRAMP?

According to FedRAMP.gov, “The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”

FedRAMP has been designed to support the adoption of secure cloud solutions for government entities. This includes providing guidance for authorization, consistent application of proper security controls and a baseline for security assessments and monitoring. Its focus is on Cloud Service Providers (CSPs) and assessment of specific cloud implementations.

How can Protegrity help with FedRAMP compliance?

Protegrity’s data-first approach to protecting sensitive information allows Federal entities to add data protection and enforce ‘least privilege’ within FedRAMP-certified CSPs. This includes role-based security policies that enforce fine-grained access at the field level (exposing only the field data the user needs to see), or within the field (by showing partially redacted data to users who do not need to see the full value).

Protegrity’s solution covers the full enterprise, so the same level of data-centric controls can be applied to data on-premises and in CSP environments. Additionally, all data access and attempted data access are audited and can be analyzed in real time.

For more information about how Protegrity can help your organization comply with FedRAMP or any other regulatory requirements, please feel free to contact us.

*** This is a Security Bloggers Network syndicated blog from Blog – Protegrity authored by protegrity. Read the original post at: https://www.protegrity.com/fedramp-compliance/