FedRAMP Seeks Comments on White Paper on Threat-Based Authorization Approach

FedRAMP Seeks Comments on White Paper on Threat-Based Authorization Approach

The Federal Risk and Authorization Management Program management office released a white paper that outlines a threat-based scoring approach for authorization processes and asked for industry feedback and comments.

The approach was jointly developed with the Cybersecurity and Infrastructure Security Agency to score each security control item under the fourth revision of the National Institute of Standards and Technology's Special Publication 800-53 against the second version of the National Security Agency Central Security Service's Technical Cyber Threat Framework, the FedRAMP program management office said Wednesday.

FedRAMP aims to help cloud service providers, industry partners and government agencies focus on security controls that are relevant against current threats.

The program encourages the public to send their comments through email in line with the methodology.

The Office of American Innovation conducted a study in 2017 in an effort to validate the viability of a modular approach on authorizations.

The study noted that a defensible methodology that focuses on security controls is required to support an agile authorization approach.

You may also be interested in...

Gray Eagle ER UAS

General Atomics Demos Gray Eagle UAS for JTAC Operations

General Atomics’ aeronautical systems business assessed how the Gray Eagle Extended Range unmanned aircraft system could help advance sensor-to-shooter capabilities during a technology demonstration in late April at Yuma Proving Grounds in Arizona. A joint terminal attack controller captured the sensor field of regard, video and aircraft location using an Android Team Awareness Kit and digitally transmitted ‘call for fires’ on various targets by controlling the electro-optical/infrared sensor aboard the Gray Eagle platform during the April 23 demo.

Booz Allen Hamilton

Booz Allen Signs Up for Global Radio Network Access Consortium

Booz Allen Hamilton has become one of the industry members of the O-RAN Alliance, which promotes interoperability and openness in radio access network architectures. The company said Thursday it will support the RAN industry's efforts to integrate and secure networks through membership in the global consortium.


Box to Provide HHS With Cloud Content Management Platform

The Department of Health and Human Services will use a Box Inc.-developed cloud content management technology in an effort to ensure security and privacy of sensitive information during health services delivery and to identify new ways to work in the cloud.