|Tips and Cues Many of our Cloud Service Providers (CSPs), Federal Agencies, and Third Party Assessment Organizations (3PAOs) often share common |
The FedRAMP PMO just completed our most recent round of FedRAMP Connect, the process where Cloud Service Providers (CSPs) are prioritized to work with the Joint Authorization Board (JAB). CSPs that are selected to work with the JAB submitted business cases to the PMO in order to showcase the high demand for their cloud offering across the federal government and demonstrate their security readiness for the JAB process.
Before finalizing our prioritization decision, FedRAMP presented and vetted our analysis with the CIO Council, GSA’s Office of General Counsel (OGC), and the JAB CIOs and Technical Representatives. The focus of this process is to choose the CSPs that offer services that will benefit the widest variety of Agencies across the Federal Government.
We are delighted to announce that we’ve selected the following four vendors to be prioritized by the JAB.
- Human Resources Technologies, Inc. (HRTec) – FedHIVE (High)
- Jive Software – JiveGuard (Moderate)
- Medallia – Medallia GovCloud (MGC) (Moderate)
- TTEC Government Solutions – Humanify-G -CCaaS (Moderate)
Congratulations, HRTec, Jive, Medallia, and TTEC! The FedRAMP PMO looks forward to working with you through this process.
As we communicated in our JAB Prioritization Criteria and Guidance document, we accept business cases on a rolling basis and will have cut off dates quarterly (shared on our JAB Authorization webpage). Our next cut off date for FedRAMP Connect business cases will be on April 12th.
As always, the PMO is available for informational and coaching call to help CSPs prepare for FedRAMP Connect. If you have any questions or would like to set up a phone call, please e-mail firstname.lastname@example.org for more information.
|Federal Agencies Q: Once a Deviation Request (DR) has been submitted for downgrading risk from High to Moderate, should CSP create a new POA&M ID and another separate DR for downgrading risk from Moderate to Low? A: The original detection of the vulnerability POA&M ID should remain separate from the adjusted risk. CSPs should also maintain separate DRs. For tracking purposes, the ConMon team would need another DR submitted by the CSP.|