FedRAMP Compliance

nCipher Security assists with data security compliance and encryption for FedRAMP.

Americas Map

Regulation

Active now

FedRAMP

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. nCipher helps Federal Government agencies and their suppliers meet these FedRAMP compliance standards.

FedRAMP Goals

According to FedRamp.Gov the goals of the program are as follows:

  • Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
  • Increase confidence in security of cloud solutions
  • Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for cloud product approval in or outside of FedRAMP
  • Ensure consistent application of existing security practice
  • Increase confidence in security assessments
  • Increase automation and near real-time data for continuous monitoring
Key Processes

Also according to FedRamp.Gov, FedRAMP authorizes cloud systems in a three step process:

  • Security Assessment: The security assessment process uses a standardized set of requirements in accordance with FISMA using a baseline set of NIST 800-53 controls to grant security authorizations.
  • Leveraging and Authorization: Federal agencies view security authorization packages in the FedRAMP repository and leverage the security authorization packages to grant a security authorization at their own agency.
  • Ongoing Assessment & Authorization: Once an authorization is granted, ongoing assessment and authorization activities must be completed to maintain the security authorization.

Research and Whitepapers : Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications

By Securosis analysts and industry experts, Rich Mogull, CEO and Adrian Lane, CTO.

This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center: applications, servers, databases, and storage. It also covers cloud computing (IaaS: Infrastructure as a Service)....

Download

Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail

Mandate

Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More

HIPAA

Americas Map Thumbnail

Regulation

Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More
Contact a Compliance Specialist Contact Us
Want to be part of our team? Explore
Get in contact with a specialist Contact Us