Oracle was already on the FedRAMP list I think. AFAIK this is about getting smaller cloud providers approved to host government projects so there’s more options available.
This is about changing the way FedRAMP accreditation is done for any cloud service, like Box (or a new SaaS that you may create tomorrow). The FedRAMP process requires you go through a certain set of audits, meet a certain set of standards, etc., in order to be approved to host CUI (IL4/5) or SECRET (IL6) information.
Normally this can take a lot of time and monetary investment. On one hand, these processes encode cybersecurity best practices. On another hand, it keeps new companies out of the market.
It seems this effort is doing away with a lot of those processes. I hope the level of compliance stays the same.
But why would any agency chooses smaller cloud providers other than Oracle, AWS, Azure and Google? They are the lowest risk selection in terms of responsibility.
Edit: Another comments actually replied it is much more than hosting but cloud services like BOX. I assume even SaaS could fall into this category.
ritwikgupta|9 months ago
Normally this can take a lot of time and monetary investment. On one hand, these processes encode cybersecurity best practices. On another hand, it keeps new companies out of the market.
It seems this effort is doing away with a lot of those processes. I hope the level of compliance stays the same.
tguvot|9 months ago
kaydub|9 months ago
ksec|9 months ago
Edit: Another comments actually replied it is much more than hosting but cloud services like BOX. I assume even SaaS could fall into this category.
Spooky23|9 months ago
cyberge99|9 months ago
justincormack|9 months ago
tguvot|9 months ago