A New Federal Cloud Compliance Program Is The Federal Risk And Authorization Management Program

1317 Words | Mar 16, 2015 | 6 Pages
A. INTRODUCTION

Federal organizations are moving their services to the cloud to minimize their software and infrastructure footprint and to save money, time, and resources. As cloud service providers (CSPs) become prevalent, we must analyze the security of these services to ensure compliance with standards and laws that protect customers, citizens, and information. Therefore, this paper analyzes a new federal cloud compliance program called the Federal Risk and Authorization Management Program (FedRAMP). This paper also establishes that FedRAMP can indirectly help federal government organizations comply with the following laws: the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Family Educational Rights and Privacy Act (FERPA); the International Traffic in Arms Regulations (ITAR); and the Payment Card Industry Data Security Standard (PCI DSS). This paper will briefly explain these four laws and the cloud computing discussions regarding them. This paper will also explain FedRAMP and the way it can help federal organizations to be compliant with these laws.

B. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA was originally established in 1996 to mandate the Department of Health and Human Services (HHS) to establish national standards for the transfer of electronic medical records, with the intent to facilitate the transfer of medical records; it applies to health plans, health care clearinghouses, and health