The US Government’s Cloud Computing initiative has received a latest update from the Federal Risk and Authorization Management Program ( FedRAMP). And as per the latest, all cloud services providers should follow security baselines as per the formulations prescribed by the National Institute of Standards and Technology (NIST).
Based on the NIST’s Fifth Revision (Rev5) under the Publication 800-53, the Program Management Office (PMO) related to FedRamp has drafted new baselines based on the considerations related to low, moderate and high-impact security levels.
NIST has reviewed all cloud security policies last month and based on its analysis, it has determined various standards that have to be adhered while storing data on public platforms, while storing personal identifiable information on cloud platforms and what are the consequences if the information gets exposed.
The Public has been assigned the task to comment on the recommendations in a 90-12 period time frame after which the new guidelines will be published in the PMO website after which the agency will indulge into testing with few of the CSPs.
Note 1- Almost 6 years ago, NIST released Rev4 guidelines to be followed while adopting cloud products and systems, and the Rev5 is a follow up with slight changes.
Note 2- FedRamp acts as a US Government planned a program that helps in security assessing, authorizing and monitoring cloud products and services.
Note 3- NIST is a nonregulatory agency belonging to United States Department of Commerce and has a mission to provide industrial competitiveness with innovation. And between 1901-1988, the agency was named as the National Bureau of Standards.