According to its own website, FedRAMP serves three different of partners: federal agencies, Cloud Service Providers (CSP) and third-party assessment organizations. This article will focus on CSPs and how a good CSP can provide services that provide monetary savings for your agency.

Cloud Service Providers (CSP) and FedRAMP

FedRAMP’s defines Cloud Service Provider Partners as “FedRAMP authorized vendors [that] offer cloud services that allow federal agencies to securely and quickly meet their mission needs.”

DevOps Connect:DevSecOps @ RSAC 2022

A CSP that wishes to become FedRAMP-certified must complete the pre-authorization, authorization and post-authorization phases in order to qualify for a High, Moderate, Low or Low-Impact level of SaaS service. FedRAMP certification is key for a CSP wanting do work with U.S. government agencies, as it opens the door to service offerings such as SaaS (Software-as-a-Service), IaaS (Infrastructure-as-a-Service) and PaaS (Platform-as-a-Service), as well as Managed Service (MS).

Blending SaaS and MS

By definition, a SaaS model involves software distribution in which the vendor hosts, manages and keeps its applications up to date for its customer base. SaaS is perfect for agencies that have plenty of staff to utilize the SaaS applications and perform the daily tasks of monitoring and reporting.

Another model that is gaining steam in the cloud very quickly, is the cloud-based MS. Though there are many types of managed services, the most popular type dictates a transfer of the daily IT or application management staff responsibilities from the customer to the vendor CSP. This model is great for agencies that require SaaS tool services but may not have the staff to properly manage the day-to-day requirements of monitoring and reporting.

Tripwire, a traditional software security tools vendor, has just released a set of enhanced security tools that includes both on-premise and SaaS offerings, allowing distribution of software (Read more...)