By Jamie Graf
CSPs providing Low-Impact Software-as-a-Service (LI-SaaS) products can take advantage of a FedRAMP Tailored authorization for a streamlined approach to compliance. The FedRAMP Tailored authorization is for low-risk applications such as collaboration tools, project management applications, and tools that help develop open-source code.
FedRAMP Tailored was designed to make low-risk applications available to US federal agencies by tailoring the set of controls required for authorization, a practice NIST SP 800-53 Revision 4 explicitly permits.
While FedRAMP Tailored offers time and cost savings for LI-SaaS product and service providers, the path to authorization still presents challenges for CSPs. The number of required controls has been reduced and the documentation consolidated into a single document, but CSPs must still implement the required controls, produce that documentation, and, most importantly, state clearly which controls are inherited from the underlying cloud platform and how the remaining controls are implemented.
After achieving authorization, CSPs must continuously monitor their security posture, report security incidents to sponsoring agencies in a timely manner, and schedule and perform annual assessments. Like other compliance initiatives, FedRAMP Tailored is a sustained security program requiring dedicated resources that CSPs may struggle to provide in-house.
To learn more about FedRAMP Tailored and how third-party advisory and assessment services can help CSPs achieve authorization more effectively, download SecureIT’s FedRAMP Tailored eBook for LI-SaaS success.