FedRAMP allows 3PAOs to undertake remote assessments of data centers due to Covid-19

Third Party Assessment Organizations won't have to travel to cloud facilities

The US government's Federal Risk and Authorization Management Program will let data centers be assessed remotely.

FedRAMP provides a standardized approach to security assessment for cloud services, with government agencies using the FedRAMP Marketplace to purchase cloud products.

But to ensure cloud providers meet the security requirements, Third Party Assessment Organizations (3PAOs) test the companies' offerings, including visiting the data center.

"These assessments are usually performed onsite, including the physical and environmental controls provided by data centers housing CSPs’ information technology resources," FedRAMP said.

"Due to the current safety guidelines from the Centers for Disease Control and Prevention (CDC) for Covid-19, however, 3PAOs may be permitted to perform the testing of certain data centers remotely."

The 3PAO will have to ask for permission from the Authorizing Official or a delegated party to perform remote testing.

"All remote testing must be explicitly detailed in the Security Assessment Plan (SAP) as well as any test cases used and any modifications to the test cases that were made to facilitate the remote testing."

The strategy will be periodically revisited, and likely scrapped once Covid-19 subsides.

FedRAMP allows 3PAOs to undertake remote assessments of data centers due to Covid-19

Further reading

CEEDA goes global

CBO finds FedRAMP Authorization Act would cost $100m over 5 years

FedRAMP certifies AWS, Azure and Autonomic for secure US services

Tags

The make vs. buy decision for data center infrastructure management software – A clear choice

2023 Data Center Market Trends: Hong Kong Asia's Connectivity Hub

Emerging Energy Storage Technologies

Success story: Kao Data and Cadence