FedRAMP PMO Releases First Set of 3PAOs

Late today the FedRAMP Program Management Office released the first list of certified Third Party Assessment Organizations (3PAOs). These companies are accredited to perform initial and periodic assessment of cloud service provider (CSP) systems per FedRAMP requirements, provide evidence of compliance, and play an on-going role in ensuring CSPs meet requirements.  FedRAMP provisional authorizations must include an assessment by an accredited 3PAO to ensure a consistent assessment process. he initial set of 3PAOs announced today are (see http://www.gsa.gov/portal/content/131991):

Organization	POC Name	POC Email
COACT, Inc.	Brian Pleffner	bpleffner@coact.com
Department of Transportation (DOT) Enterprise Service Center (ESC)	Douglas Holland	doug.holland@faa.gov
Dynamics Research Corporation (DRC)	Preston Gale	pgale@drc.com
J.D. Biggs and Associates, Inc.	James Biggs	james@jdbiggs.com
Knowledge Consulting Group, Inc.	Sherrie Nutzman	sherrie.nutzman@knowledgecg.com
Logyx LLC	Robert Dumais	rdumais@logyx.com
Lunarline, Inc.	Waylon Krush	waylon.krush@lunarline.com
SRA International, Inc.	William Bell	will_bell@sra.com
Veris Group, LLC	Douglas Greise	dgreise@verisgroup.com

In becoming a 3PAO, these companies successfully completed a NIST coordinated conformity assessment process. This conformity assessment process qualifies 3PAOs according to two requirements:

• Independence and quality management in accordance with ISO standards
• Technical competence through FISMA knowledge testing

( Thank you. If you enjoyed this article, get free updates by email or RSS - KLJ )

FedRAMP Releases Updated Security Assessment Plan Templates

Last week the GSA FedRAMP Program Office released the latest version of the cloud computing Security Assessment Plan (SAR) template.  This document is the most recent step toward the Federal governments goal of establishing FedRAMP initial operating Capability by June 2012.

The Federal Risk Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Cloud Service Providers (CSP). Testing security controls is an integral part of the FedRAMP security authorization requirements and enables Federal Agencies to use the findings that result from the tests to make risk-based decisions. Providing a plan for security control ensures that the process runs smoothly. This document has been designed for CSP Third-Party Independent Assessors (3PAOs) to use for planning security testing of CSPs. Once filled out, this document constitutes a plan for testing. Actual findings from the tests are to be recorded in FedRAMP security test procedure workbooks and a Security Assessment Report (SAR).

This release also includes templates for:

• Information Technology Contingency Plan 
• Control Implementation Summary (CIS)
• eAuthentication
• Plan of Action and Milestones (POA&M)
• Rules of Behavior
• Privacy Threshold Analysis and Privacy Impact Assessment
• Security Assessment Plan; and
• FedRAMP System Security Plan

( Thank you. If you enjoyed this article, get free updates by email or RSS - KLJ )

NJVC® and Gravitant® Announce New Strategic Alliance: Partnership to Benefit Federal Agencies with Powerful Provision and Management of Cloud Services that Unify Multiple Providers

Vienna, Va., April 4, 2012 — NJVC®, one of the largest information technology solutions providers supporting the U.S. Department of Defense, and Gravitant®, a provider of cloud brokerage and management solutions for IT enterprises, announce a new strategic alliance. Under the terms of the partnership, the two companies will launch a cobranded cloud portal later this spring designed specifically to support the federal government’s planning, provisioning and management of cloud services across multiple providers.


“The consulting and business development expertise of NJVC and the software product line of Gravitant have great synergy,” said Kevin Jackson, NJVC vice president and general manager, cloud services. “NJVC government customers will now have one centralized place for all their cloud needs, and can rest assured that the underlying tools of the soon-to-be-announced portal will constantly optimize the cloud in their favor.”
The cobranded cloud portal will provide government customers access to existing Gravitant infrastructure-as-a service products (e.g., cloudScreen™ and cloudMatrix™). Under the terms of the agreement, NJVC will be the official supplier of the portal to federal customers, and will offer product-related consulting services, and its proven expertise and thought leadership in government cloud adoption and management for these highly secure and demanding IT environments.
“The cloud portal in essence will offer command and control for federal IT customers,” said Dr. Ilyas Iyoob, Gravitant director, advanced analytics. “Now CIOs and CTOs will be able to monitor the entire IT infrastructure on a ‘single pane of glass’ and leverage the power of predictive analytics to identify and resolve potential bottlenecks ahead of time. This will increase the agility of NJVC federal customers in meeting their mission requirements, and greatly minimize their operational and financial risks.”

###
About NJVC®

With a focus on information technology automation, NJVC specializes in supporting highly secure, complex IT enterprises in mission-critical environments, particularly for the intelligence and defense communities. We offer a wide breadth of IT and strategic solutions to our customers, ranging from strategic consulting to managed flexible services in five business areas: Cloud Services, Cyber Security, Data Center Services, IT Services and Print Solutions. Our global workforce includes dedicated and talented employees with 94 percent holding security clearances located at more than 160 customer sites. We partner with our customers to support their missions. To learn more, visit http://www.njvc.com/.
About Gravitant®

Gravitant, Inc. is a leader in the cloud brokerage and management space. We provide enterprises with the capability to discover and source the right cloud computing services and to provision across cloud providers, whileintelligently controlling IT resource capacity, cost and performance. Gravitant has a world-class team of industry professionals with a combined 50 years of experience and more than 20 commercial enterprise software patents. We have developed partnerships with leading cloud providers, and our services are currently in use at many large state agencies across the continental United States. To learn more, visit www.gravitant.com.

Contact

Michelle Snyder, NJVC, 703.893.7609, michelle.snyder@njvc.com
Audra Capas, 5StarPR, 703.437.9301, audra@5starpr.com
Sowmya Rao, Gravitant, 512.535.7399, sowmya.rao@gravitant.com

( Thank you. If you enjoyed this article, get free updates by email or RSS - KLJ )