- Federal agencies need to ensure they are meeting federal IT security requirements, but that can be difficult to determine when using cloud services, according to a report from the Federal Times.
- To check that requirements are being met, the Federal Risk and Authorization Management Program (FedRAMP) recently ran a pilot with Amazon Web Services to test its security controls map to the Trusted Internet Connection (TIC) efforts, according to Federal Times.
- In a whitepaper, AWS explained how the pilot helped the organization decide the appropriate delegation of responsibilities in the relationship between cloud service providers and federal agencies.
Using the overlay as a guideline, CSPs improve efficiency and traffic flow while meeting security requirements. Federal agencies are very sensitive about protecting their data, with reason. Programs similar to AWS' could help agencies continue to move to the cloud, potentially alleviating some of their existing security concerns.
During the test, AWS and a third-party assessment organization found 80% of TIC requirements were already part of AWS’s current FedRAMP authorization.
“It’s a very important step because the traditional way people have tried to meet the TIC requirements is to think of it terms of traffic filtering at the edge of a private federal network,” AWS Public Sector Chief Solutions Architect Mark Ryland said, according to the Federal Times. “And yet the requirements are stated more generally. So what this overlay program does is show alternative ways to meet the requirements that still allow for the flexibility and scale of cloud computing.”