FedRAMP: Moving Federal Government Agencies to the Cloud

White Paper

Like organizations in the commercial sector, government agencies are turning to cloud-based solutions to support information sharing across the enterprise in a more cost-effective, scalable and secure manner. This shift is due in part to the U.S. Government’s “Cloud-First” initiative. Issued in 2010, this policy aims to help federal agencies more rapidly realize the value of cloud computing by requiring them to adopt secure cloud solutions when investing in new technology and software solutions.

However, the transition to the cloud has been slower than expected. Although cloud solutions promise a lower cost of ownership and greater flexibility, many agencies struggle with the procurement and management of cloud solutions, and express concerns over securing these environments. Moreover, these agencies must perform their own risk assessment for every cloud service they acquire. This has led to redundant, inefficient and inconsistent security evaluations. At the same time, agencies are dealing with stagnant or shrinking IT budgets and therefore must move to the cloud faster than anticipated. Fortunately, help is available by the way of FedRAMP.

FedRAMP provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

WHAT IS FedRAMP?

To support the Cloud-First initiative and facilitate the move to cloud computing, the U.S. Government created The Federal Risk and Authorization Management Program (FedRAMP). A government-wide initiative, FedRAMP provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.

FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DoD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.

HOW DOES FedRAMP WORK?

FedRAMP drives agency cloud adoption by providing cloud service providers (CSPs) with a single accreditation that is usable by all federal agencies. By selecting a CSP that provides cloud solutions with a FedRAMP SaaS-level certification, agencies are assured that the required security standards are met, saving them time and money. The FedRAMP approach employs a “do once, use many times” framework that saves an estimated 30 to 40 percent of government costs. It also reduces both time and staff required to perform redundant agency security assessments.

FedRAMP SaaS-LEVEL COMPLIANT SHAREPOINT ECM SOLUTIONS

Although FedRAMP was created to facilitate the move to the cloud, many agencies are not sure where to begin or what level of FedRAMP certification (IaaS, PaaS or SaaS) is needed to be in full compliance. This is especially true when it comes to migrating to, or deploying enterprise content management (ECM) systems – such as Microsoft SharePoint and its integrated suite of products – in a FedRAMP SaaSlevel cloud.

To make the migration as smooth as possible, a knowledgeable SharePoint consultant can guide you through each step of the process, from choosing a FedRAMP-certified CSP, to selecting the right SaaS-level compliant FedRAMP cloud, to integrating third-party applications, to training your agency’s users. As a result, you will end up with a complete, scalable, highly secure and FedRAMP-compliant ECM solution in the cloud. The solution will provide you with new process efficiencies, greater collaboration and additional cost savings, while allowing you to focus on more mission-critical tasks.

DOCPOINT SOLUTIONS – YOUR TRUSTED FedRAMP SOLUTION PROVIDER

DocPoint Solutions, Inc., a leader in the implementation, customization, training and support of SharePoint solutions and its integrated suite of products, provides FedRAMP SaaS-level compliant cloud solutions. Drawing from more than 15 years of experience serving the public sector, we can work with your agency to deliver FedRAMP-compliant solutions that meet your specific business requirements, while following the Cloud-First initiative and FedRAMP mandate. Whether you are looking to move an on-premises SharePoint deployment into a Microsoft Azure Cloud, add workflows or e-Signatures to your solution, or obtain a certified CSP cloud recommendation, DocPoint can provide the resources and expertise needed to guide you towards compliance. To further streamline this initiative, all of these services are available on DocPoint’s GSA Schedule.

BENEFITS OF WORKING WITH A FedRAMP CERTIFIED CLOUD SERVICE PROVIDER (CSP)

  • Increase re-use of existing security assessments across multiple agencies.
  • Save significant costs, time and resources using a “do once, use many times” framework.
  • Improve real-time security visibility.
  • Provide a uniform approach to riskbased management.
  • Enhance transparency between government and CSPs.
  • Improve the trustworthiness, reliability, consistency and quality of the federal security authorization process.

Source: FedRAMP.gov