
FedRAMP Security for the Private Sector

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 

While FedRAMP has gained a large and growing following among federal and state government agencies, including the Department of Defense, Health and Human Services, the Treasury Department and many others, FedRAMP is now making significant inroads in the private sector, specifically in commercial enterprises. 

“FedRAMP has not only caught the attention of government agencies, but also private sector cloud service buyers.”  Information Week, Government Issue

FedRAMP is built on the control baselines defined in NIST SP 800-53 rev4 for low- and moderate-impact systems and brings that security standard into the cloud, so that an organization can effectively meet the NIST standard by running in a FedRAMP-compliant community or private cloud environment. On top of the NIST baselines, FedRAMP adds controls that address the unique elements of cloud computing, so that data remains secure in a cloud environment.

Security Standards Designed for Clouds

FedRAMP takes all the security requirements agencies had to follow for their conventional IT systems and "extends those controls specifically for cloud computing," says Melvin Greer, a chief strategist at Lockheed Martin. More important, "FedRAMP has codified security," Greer says. "It has detailed what we mean when we say cloud security." It also makes it easier for acquisition staffs to buy cloud services because "they can be assured services from FedRAMP-approved providers will meet all of their requirements."1

Driving the demand for FedRAMP-compliant clouds in the private sector is the need to protect critical business data from unauthorized access or theft. This is especially important for organizations that must comply with specific industry mandates, such as the health care industry's HIPAA requirement to fully protect patient data.

Information Security Levels

Similarly, private enterprises are now defining their own "information security levels" and specifying the level of security required for each of their cloud-based applications and the associated data. In the same fashion that FedRAMP (following FIPS 199) rates the potential impact of a loss of confidentiality, integrity and availability as "low impact," "moderate impact," or "high impact," private enterprises are doing the same. Here's a brief video of the FedRAMP Director describing information security levels for government agencies.

While what "high impact" means for a private enterprise may differ from what it means for a government agency, the goal is the same: to ensure that the organization's most critical information is fully secured. In government, a "high-impact" rating usually means data whose compromise or theft could result in life-threatening situations or severe financial harm.
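To make the categorization concrete, the following is an added worked example (not code from Project Hosts or from the FedRAMP program) of the FIPS 199 rule behind the low/moderate/high levels described above: each system inherits, per security objective, the highest impact of any information type it handles (the "high-water mark"), and the highest of the three objectives selects the control baseline. The two sample systems, their information types and their ratings are constructed for illustration and are not authoritative; the `baseline_for` naming is likewise an assumption for readability.

```python
# Added example (not Project Hosts or FedRAMP code): FIPS 199 security
# categorization using the "high-water mark" rule that FedRAMP baselines
# are keyed to. The information types and ratings below are constructed.
from dataclasses import dataclass
from enum import IntEnum


class Impact(IntEnum):
    """FIPS 199 potential impact levels, ordered so max() picks the worst."""
    LOW = 1
    MODERATE = 2
    HIGH = 3


@dataclass(frozen=True)
class InfoType:
    """One kind of information a system stores or processes, rated per objective."""
    name: str
    confidentiality: Impact
    integrity: Impact
    availability: Impact


def categorize_system(info_types):
    """Return the FIPS 199 categorization of a system.

    For each security objective the system inherits the highest impact of any
    information type it handles (the high-water mark); the overall level that
    selects the control baseline is the highest of the three objectives.
    """
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    cat = {
        "confidentiality": max(t.confidentiality for t in info_types),
        "integrity": max(t.integrity for t in info_types),
        "availability": max(t.availability for t in info_types),
    }
    cat["overall"] = max(cat["confidentiality"], cat["integrity"], cat["availability"])
    return cat


def security_category(system_name, cat):
    """Render the categorization in FIPS 199's SC notation."""
    return ("SC {} = {{(confidentiality, {}), (integrity, {}), (availability, {})}}"
            .format(system_name, cat["confidentiality"].name,
                    cat["integrity"].name, cat["availability"].name))


def baseline_for(cat):
    """Name the NIST SP 800-53 / FedRAMP baseline keyed to the overall level
    (assumed naming: 'Low baseline', 'Moderate baseline', 'High baseline')."""
    return "{} baseline".format(cat["overall"].name.title())


# Constructed sample systems with illustrative (not authoritative) ratings.
PUBLIC_WEBSITE = [
    InfoType("public press releases", Impact.LOW, Impact.LOW, Impact.LOW),
    InfoType("contact form submissions", Impact.LOW, Impact.LOW, Impact.LOW),
]

PATIENT_PORTAL = [
    InfoType("appointment calendar", Impact.LOW, Impact.MODERATE, Impact.MODERATE),
    # A tampered health record could lead to wrong treatment, so integrity is
    # rated HIGH here; that single rating drives the whole system to High.
    InfoType("patient health records (PHI)", Impact.MODERATE, Impact.HIGH, Impact.MODERATE),
]


if __name__ == "__main__":
    for name, types in (("Public Website", PUBLIC_WEBSITE),
                        ("Patient Portal", PATIENT_PORTAL)):
        cat = categorize_system(types)
        print(security_category(name, cat), "->", baseline_for(cat))
```

The point the example makes is that a system's level is set by its worst-rated information type on its worst-rated objective, not by an average: one HIGH integrity rating on PHI pulls an otherwise moderate portal into the High baseline, which is why enterprises inventory information types before they pick a cloud tier.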

Within enterprises, "high-impact" data (more commonly referred to as "critical data") includes:

"Moderate" and "low" impact data can also be fully secured under FedRAMP and include elements such as:

The chart below highlights the security elements covered by a FedRAMP authorization, as compared to the ISO 27001 and NIST 800-53 standards and the DoD Impact Level 4 (IL 4) requirements.

FedRAMP SaaS-Level Compliant Solutions

Project Hosts offers FedRAMP SaaS-level compliant cloud solutions that support 100% of the security controls required to meet this standard. Our Federal Private Cloud for Windows and Linux Applications (FPC) uses Azure infrastructure and delivers popular Microsoft solutions as well as applications from other commercial software vendors such as AvePoint, BrightWork, Gimmal, Innovative-e, Nintex, UMT360, and Urban Turtle; and open source applications such as Drupal, WordPress and Joomla for agency website content management.  For more information on these solutions you can visit our FedRAMP Cloud Solutions page. 

SECURITY SERVICES | ISO 27001 | NIST 800-53 | FedRAMP | DoD IL 4
Total number of security controls | ~125 | ~200 | ~325 | ~370
Network firewall
Enterprise malware protection
Network-based intrusion detection
Remote access gateway
Backup, recovery, DR with annual tests
Incident response with annual tests
Security patching and updating
Annual ISO 27001 compliance audits
Host-based firewalls
Web application proxy in DMZ  
SIEM for centralized log correlation  
Multifactor authentication for admins  
OS & DB vulnerability scanning  
Web app vulnerability scanning  
Multifactor authentication for all users    
Monthly CIS compliance updates    
Annual penetration testing    
Annual FedRAMP compliance audits    
Government-only community cloud     G*
Encryption of data at rest      
Host-based intrusion detection      
Monthly STIG compliance updates      
Access Via DoD NIPRNet (not the Internet)      
Annual DISA compliance audits      

G* - U.S. Government Customer Only


 1 - Information Week, Government Issue 2014


"…many organizations have needs for deep customization, white-glove services, or support for complex models like hybrid hosting. For these customers, Project Hosts' PPM Custom Cloud offers a great option."

Ludovic Hauduc, General Manager of the Microsoft Project Business Unit