Azure FedRAMP Compliance Articles

Azure Services That Are FedRAMP-Certified

Microsoft is a leader in FedRAMP certified services–as of September 2017, Microsoft offers 12 services in Azure (the commercial version) that are FedRAMP-certified at the Moderate Impact Level, and 32 services in Azure Government that are FedRAMP-certified at the High Impact Level. Additionally, Azure and Azure Government have both earned P-ATOs from the FedRAMP Joint...

FedRAMP Weekly Tips – August 31 2017

This week, FedRAMP published two tips about security controls and incident response plans: TIP: AC-2 and IA-2 are closely related. Every group, account, or role defined in AC-2 must be explicitly addressed in IA-2. AC-2 is used to define the groups, accounts, and roles, who may be assigned to one, and how they are managed...

FedRAMP Weekly Tips – August 24 2017

This week, FedRAMP published questions and answers that discuss System Security Plans, and continuous monitoring: Q: A service previously documented in the System Security Plan (SSP) was renamed. How do we reflect the name change when we submit a Deviation Request (DR) for a vulnerability that affects the renamed service? A: Please provide a brief...

FedRAMP Weekly Tips – August 17 2017

This week, FedRAMP published questions and answers that discuss FedRAMP documents, and points of contact: Q: What information does the FedRAMP PMO require for Contingency Plans and Incident Response Plans, and for testing them? A: You must use the Contingency Plan template from the Templates section of the FedRAMP website, at https://www.fedramp.gov/resources/templates-2016/. In Section 6,...

FedRAMP Weekly Tips – August 3 2017

This week, FedRAMP published QA and a tip that discusses POA&Ms and inventory: Q: What constitutes a unique finding for Plan of Actions & Milestones (POA&M) reporting and how should CSPs group related findings on the POA&M? A: The weakness identifier, asset identifier, and original detection date are elements that constitutes a new finding. If vulnerabilities are...

What is ATO as a Service™ for Azure?

The process to obtain an Azure FedRAMP ATO is time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an exclusive Software as a Service that automates FedRAMP processes, and shortens FedRAMP ATO timeframes for information systems hosted in the Azure Government Cloud. cFocus Software has partnered with Microsoft Corporation to develop the offering,...

FedRAMP Weekly Tips – July 27 2017

This week, FedRAMP published a weekly tip that discusses the use of non-US persons support and updating SSP officials: TIP: A CSP using non-US persons to support their system is FedRAMP compliant, but will find their market limited among Federal agencies. Using non-US persons to support a FedRAMP system is a business decision the CSP must...