Today I'd like to shed some light on the status and processes involved for one of these solutions as it moves forward on achieving FedRAMP® Authorization-Cisco Defense Orchestrator.
Moving forward on FedRAMP. Cisco has made great progress in moving a variety of our solutions through the FedRAMP process.
Created to encourage use of cloud computing, FedRAMP serves to streamline the exchange of information and accelerate services within federal agencies, plus improve their interaction with the public.
In 2023, the FedRAMP Authorization Act was passed, codifying the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud products and offerings.
FedRAMP Authorization can be pursued with an individual agency sponsor or multi-agency authorization.
After the successful completion of a kickoff meeting with NIH on February 22, 2024, CDO achieved the In Process status on the FedRAMP Marketplace.
The first authorization step is a full security assessment by a certified 3PAO. Before this assessment, Cisco completed the Site Security Plan and reviewed it with NIH. Schellman Compliance, LLC is the 3PAO responsible for the Security Assessment Plan for CDO and the Security Assessment Report that will document test findings and suggestions relevant to attaining FedRAMP Authorization.
Once the 3PAO assessment is finished, Cisco develops a Plan of Action and Milestones outlining the plan to address the test findings in the SAR. Authorization Step 2: Agency Authorization Process.
The second authorization step is Agency Authorization, in which NIH will review the complete authorization package and may hold a SAR debrief with the FedRAMP Project Management Office.
At this point, CDO will have agency authorization to operate but still require review by the FedRAMP PMO to be included in the FedRAMP Marketplace.
When finished, the FedRAMP PMO will update the Marketplace listing to reflect FedRAMP Authorized Status and the date of Authorization.
The security package will then be made available to agency information security personnel, who can issue subsequent ATOs, by completing the FedRAMP Package Access Request Form.
Once CDO receives Authorization status in the FedRAMP Marketplace, it will enter a continuous monitoring phase to ensure ongoing protection of the system and government data.
Cisco will make use of the FedRAMP secure repository to upload continuous monitoring content for all agencies that deploy CDO to review.
Cisco is leveraging the Cisco Federal Operational Security Stack as a core component of the CDO FedRAMP process to speed future FedRAMP development and assessments.
The Cisco Fed Ops Stack is a centralized set of tools and services that cover approximately 50% of FedRAMP Moderate requirements.
Once Fed Ops Stack has received authorization to operate, along with CDO, Cisco can leverage these shared services in future SaaS products to make audits and continuous monitoring simpler for Cisco and federal agencies.
Our team at Cisco is fully committed to getting CDO FedRAMP compliant, so federal agencies can simplify their management of distributed security policies.
Watch for more updates as we get closer to full FedRAMP Authorization for CDO, the Cisco Fed Ops Stack, and additional SaaS offers from Cisco.
For additional details on the FedRAMP process, I encourage you to read Will Ash's blog on mapping the FedRAMP journey for Cisco Umbrella for Government.
This Cyber News was published on feedpress.me. Publication date: Sun, 02 Jun 2024 16:13:05 +0000