Update links to fedramp's new home #5

Open
wants to merge 1 commit into
base: master
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -12,7 +12,7 @@ While nothing is completely without risk, federal agencies require systems to re

**FISMA Ready** is a community run project. While 18F is investing resources into starting the community, the intention is to run FISMA Ready via open and collaborative principles, with a diverse group of contributors participating and leading the way forward. We'll soon be posting more about our outreach initiatives and how we intend to moderate and manage the community. Keep an eye on the [18F news feed](https://18f.gsa.gov/news/) for official updates.

If you're looking for systems and components that have received a full cybersecurity assessment by a third-party, GSA provides the [FedRAMP program](http://cloud.cio.gov/fedramp) and a [list of cloud service providers that have achieved an authorization](http://cloud.cio.gov/fedramp/cloud-systems).
If you're looking for systems and components that have received a full cybersecurity assessment by a third-party, GSA provides the [FedRAMP program](https://fedramp.gov) and a [list of cloud service providers that have achieved an authorization](https://marketplace.fedramp.gov/).

## Security, not obscurity
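
Review bot: the two replacement URLs on the changed line are written inconsistently, `https://fedramp.gov` without a trailing slash and `https://marketplace.fedramp.gov/` with one; pick one form and use it for every FedRAMP link in the README. The switch from `http://` to `https://` is a welcome side effect and could be mentioned in the commit message alongside the move to the new home.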

Expand All @@ -24,11 +24,11 @@ Before starting to use FISMA Ready components, implement the following best prac

### Secure your cloud infrastructure

This work presumes the system is deployed on cloud infrastructure that has a [FedRAMP](http://cloud.cio.gov/fedramp) authorization.
This work presumes the system is deployed on cloud infrastructure that has a [FedRAMP](https://fedramp.gov) authorization.

FedRAMP pre-approves cloud infrastructure as meeting NIST controls. Many of the NIST controls assumed the agency still has physical control to the servers, or hypervisor level access.

Increasingly, these controls are instead implemented by [vendors providing Infrastructure as a Service (IaaS)](http://cloud.cio.gov/fedramp/cloud-systems). FedRAMP, along with an accredited third-party assessor, ensures the vendor's controls meet federal guidelines. An example of a FedRAMP control can be found in NIST 800-53 under _PE-2 (2): Physical Access Authorizations - Two Forms of Identification_. In a cloud environment, the agency cannot access the physical servers, so this control must be implemented by the vendor.
Increasingly, these controls are instead implemented by [vendors providing Infrastructure as a Service (IaaS)](https://marketplace.fedramp.gov/#/products?sort=productName&serviceModels=IaaS;IaaS,%20PaaS;IaaS,%20PaaS,%20SaaS;IaaS,%20SaaS). FedRAMP, along with an accredited third-party assessor, ensures the vendor's controls meet federal guidelines. An example of a FedRAMP control can be found in NIST 800-53 under _PE-2 (2): Physical Access Authorizations - Two Forms of Identification_. In a cloud environment, the agency cannot access the physical servers, so this control must be implemented by the vendor.

### Continuous monitoring and a team where everyone is responsible
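
Review bot: the IaaS link on the last changed line embeds a client-side route and a percent-encoded filter list (it starts `#/products?sort=productName&serviceModels=`), which ties the README to the marketplace's current URL scheme and filter names and is hard to review by eye. Consider linking to `https://marketplace.fedramp.gov/`, as the earlier changed line in this PR does, and telling readers to filter by the IaaS service model. If the deep link stays, note that it also selects the combined IaaS/PaaS/SaaS service models while the link text mentions only IaaS.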
