Skip to main content
Image
purple hex pattern

Data security compliance and encryption for FedRAMP

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Entrust helps Federal Government agencies and their suppliers meet these FedRAMP compliance standards.

Regulation

FedRAMP Goals

According to FedRamp.Gov, the goals of the program are as follows:

  • Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations
  • Increase confidence in security of cloud solutions
  • Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for cloud product approval in or outside of FedRAMP
  • Ensure consistent application of existing security practice
  • Increase confidence in security assessments
  • Increase automation and near real-time data for continuous monitoring

Key Processes

Also according to FedRamp.Gov, FedRAMP authorizes cloud systems in a three step process:

  • Security Assessment: The security assessment process uses a standardized set of requirements in accordance with FISMA using a baseline set of NIST 800-53 controls to grant security authorizations.
  • Leveraging and Authorization: Federal agencies view security authorization packages in the FedRAMP repository and leverage the security authorization packages to grant a security authorization at their own agency.
  • Ongoing Assessment & Authorization: Once an authorization is granted, ongoing assessment and authorization activities must be completed to maintain the security authorization.

Resources

Brochures: Entrust nShield HSM Family Brochure

Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, Entrust nShield HSMs support a variety of deployment scenarios.

HIPAA | HITECH

For electronic health information security and the timely disclosure of data breaches