Among the biggest complaints about the cloud security program known as the Federal Risk and Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes to get approved.
The FedRAMP program management office has tried to address both over the last few years, most recently introducing the Tailored program for low-impact, software-as-a-service offerings last month.
But now the program management office is concerned that many of those advances could be at risk with the updated security controls from the National Institute of Standards and Technology.
In its public comments about NIST Special Publication 800-53, Revision 5, FedRAMP said the move from Revision 4 to Revision 5 could cost millions of dollars across the cloud service providers, third-party certifiers and the federal Joint Authorization Board (JAB) to update the approved cloud services and related standards.
Doug Barbin, a principal and cybersecurity leader for Schellman and Company, a 3PAO, said in an interview with Federal News Radio that while privacy was always a part of Rev 4 and previous revisions, Rev 5 brings in more of the generally accepted privacy requirements, policies and guidelines for information sharing.
Read more: federalnewsradio.com