The Federal Risk Authorization and Management Program, or FedRAMP, issued a draft coordinating document Thursday that looks to further enhance the security of the government’s access to cloud computing.
In collaboration with the Department of Homeland Security, FedRAMP has created an overlay that integrates the Trusted Internet Connection, or TIC, program into its cloud security requirements, allowing agencies to streamline their efforts to secure their data in cloud environments while also securing network connections to the cloud.
Currently, someone wanting to access a federally approved cloud and also comply with TIC has to do so through an agency connection, which either needs to be designated as a TIC access provider or registered as a Managed Trusted IP Service. This creates a significant strain on agency networks while also cutting down on cloud’s inherent advantage: access to files anywhere, anytime or any device.
With these new requirements, FedRAMP and TIC have created a way for mobile users to access the cloud without the need for a TIC access provider or a Managed Trusted IP Service.
Cloud service providers can now prove they are “TIC Ready” along with meeting FedRAMP’s other security requirements, giving agency users the ability to connect to the cloud in a variety of ways.
In a release, FedRAMP was specific in saying that this overlay is a “first step,” and the office, as well as DHS, will be working to vet the requirements and make any necessary updates.
FedRAMP will be taking feedback on the requirements until May 2.
Find the new draft overlay on the FedRAMP