Note: our cloud solution, Collabspace, has met FedRAMP High and is in process for Moderate with the JAB. Read more about it.
When looking to implement cloud software, choosing a solution that has earned FedRAMP® High certification ensures that thorough security measures are in place and validates that your stored data is properly protected by both the software and the team behind it.
This article will discuss FedRAMP High certification and its value, including:
The U.S. Federal Risk and Authorization Management Program (FedRAMP) was developed by the General Services Administration (GSA) as a standardized security and risk assessment for cloud technologies.
The goal of FedRAMP is to increase the use of secure cloud technology by government agencies. Previously, federal government agencies had to complete their own lengthy investigations before implementing new software.
FedRAMP assesses cloud software using the National Institute of Standards and Technology (NIST) Security and Privacy Controls for Federal Information Systems and Organizations. This assessment ensures that each Cloud Service Provider (CSP) is taking appropriate security measures within its software and operations. After a thorough assessment and authorization process, the software is certified and listed in the FedRAMP Marketplace. This enables the federal government to accelerate its adoption of secure cloud computing in a more efficient, cost-effective and risk-averse way.
FedRAMP follows the Federal Information Processing Standard (FIPS) 199, which sets standards for categorizing information and information systems. FIPS 199 outlines three impact levels across three security categories: Confidentiality, Integrity and Availability.
These levels correlate with data impact. The FedRAMP site describes FedRAMP Low as ‘most appropriate for [organizations] where loss of any of the three security measures would have limited adverse effect on the agency’s operations, assets or individuals.’
Meanwhile, for High Impact industries, any loss of confidentiality, integrity or availability of their data would have a severe adverse impact on the organization, its employees, clients and/or patients.
High Impact Level industries may include a variety of federal government agencies, including law enforcement, healthcare and financial agencies, and any other organization with sensitive data that requires a stringent level of security.
Indeed, due to the comprehensive and thorough controls that must be met (see next section), the FedRAMP level of certification is one of the highest security standards a cloud solution can achieve.
FedRAMP High also creates an umbrella certification for every level, meaning that it’s the highest certification for FedRAMP and provides coverage for both Low and Moderate Impact level industries that desire an extra level of protection and compliance.
To reach full FedRAMP High authorization, a CSP must undergo several assessments, a thorough authorization process and then continued maintenance to ensure over 400 security controls are being met. These controls fall under 17 categories that we’ve listed below. More information on each category can be found in the FedRAMP System Security Plan (SSP).
As mentioned, FedRAMP High provides a standardized approach for assessing and certifying cloud service providers who deliver security measures to a certifiable degree. This…
Since the FedRAMP Marketplace publicly lists every certified solution, along with its sector and level, this approach has made these approved cloud solutions easily available and accessible for interested agencies and organizations. For example, our cloud solution, Collabspace, is listed as a FedRAMP Ready High Cloud vendor, having achieved an upgraded security stage to FedRAMP® In Process High Impact status.
Collabspace is currently listed as the only SaaS Cloud vendor for archive, discovery and records management solutions with the FedRAMP® In Process High Impact status. If your organization requires a cloud solution to securely archive your data or meet the M-19-21/M-23-07 mandate, Collabspace is certified for NARA’s Universal Electronic Records Management (Universal ERM) requirements and available for purchase via GSA Advantage.
To learn more, contact us with any questions, read our article about achieving FedRAMP Ready High, or download our brochure to read about the additional measures we’ve taken to ensure Collabspace protects your data.
We've shared our whole journey of achieving FedRAMP status for our cloud solution Collabspace, including achieving In Process High Impact status, being prioritized by the Joint Advisory Board (JAB), and Collabspace getting the FedRAMP High authorization (while being in progress for Moderate!). More to come!