top | item 43968908

(no title)

This is about changing the way FedRAMP accreditation is done for any cloud service, like Box (or a new SaaS that you may create tomorrow). The FedRAMP process requires you go through a certain set of audits, meet a certain set of standards, etc., in order to be approved to host CUI (IL4/5) or SECRET (IL6) information.

Normally this can take a lot of time and monetary investment. On one hand, these processes encode cybersecurity best practices. On another hand, it keeps new companies out of the market.

It seems this effort is doing away with a lot of those processes. I hope the level of compliance stays the same.

discuss

tguvot|9 months ago

IL 4/5/6 actually add a bunch of additional controls and parameters on top of standard fedramp baselines

kaydub|9 months ago

I'm pretty sure IL4/5/6 are all outside the scope of FedRAMP