Why FedRAMP?

March 10, 2016

Network and Information Security.  That’s the stuff many of us hope others are keeping a keen eye on as we go about our day-to-day emailing, launching attachments, clicking random web links.  Our collective thoughts are that a team of experts are steadfastly monitoring most every possible scenario to avoid a data breach that can put good data in bad hands.  The general consensus is that we do not need to think in terms of ‘if’ a data breach occurs, but ‘when’ in fact one does. 

The fight to keep data protected is an ongoing one, and one that the U.S. Government takes quite seriously.  Enter the Federal Risk and Authorization Management Program, (FedRAMP).  FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.  This program is the result of deep and meaningful collaboration amongst cognizant Federal groups, as well as private industry organizations, and is designed to raise the standard by which our Federal Government data is managed and protected.
Software vendors who wish to enjoy a relationship with the Federal Government must adhere to these ever-evolving security standards, if only to demonstrate a commitment to the data safeguarding that we as end users have come to demand.
The FedRAMP authorization process is daunting, and requires significant resources, time, and cost to navigate the 3 basics steps in the FedRAMP authorization process, so it makes sense that the companies we work with engage a 3rd Party Assessment Organization (3PAO) that has expertise in navigating the processes. 
The Marick Group has been partners with SAP SuccessFactors and Blackboard supporting learning initiatives with Federal agencies for several years.  Both organizations are required to be certified with the FedRAMP, and each are pursuing FedRAMP certification:
SAP National Security Services Inc. (SAP NS2) – SAP NS2 Secure Node with SuccessFactors Suite
The organization has completed the first step in the FedRAMP compliance process, which means they are officially “FedRAMP Ready”.  They are now navigating the “FedRAMP In Process” phase and are in the final stages, right before they go to “FedRAMP Compliant”
Blackboard
Last August Blackboard partnered with the Army, Medical, Education and Training Campus to (METC) to submit their application.  Blackboard is also in the “FedRAMP In Process” phase.
Stay tuned for the next announcement, when both of these vendors will be “FedRAMP Compliant”.  To check the status of any organization pursuing FedRAMP Certification, or to learn more about FedRAMP, follow this link:  https://www.fedramp.gov/