FedRAMP compliance?

Alex Thebert
Alex Thebert Member Posts: 9 Contributor
GGR Blogger 2020
edited April 2021 in CS Technology

Hello CS leaders! 


I'm doing some research on FedRAMP compliance, trying to understand how much of a lift it would be and what kind of timeline is needed for a company to become compliant. 



If you/your company has worked on this, I'd love to chat, please reach out! 


Alex

Tagged:

Comments

  • Jeremy Mulder
    Jeremy Mulder Member Posts: 26 Expert
    First Anniversary
    edited April 2021
    Hi Alex - Thinking of getting into B2G? My experience (including working at a startup in the governance, risk, and compliance space): it's a significant lift. It's not my world anymore, but you might check out Reciprocity as a place to get started; they have a team of GRC experts over there and they know their stuff and make it digestible and actionable. And if it's not them, I bet they could point you in the right direction.

    Best,
  • Alex Thebert
    Alex Thebert Member Posts: 9 Contributor
    GGR Blogger 2020
    edited April 2021

    Thanks, Jeremy! A customer was asking about this and I was trying to understand the scope. The below sg on cost was very illuminating!


    For anyone that is looking for info on this, here's the quick overview i've pieced together:
    tl;dr: All cloud services holding federal data require FedRAMP authorization. So, if you want to work with the federal government, FedRAMP authorization is an important part of your security plan.

    Read more: https://blog.hootsuite.com/what-is-fedramp/

    Who's compliant rn: https://marketplace.fedramp.gov/#!/products?sort=productName&status=In%20Process;Compliant


    image