Office 365 FedRAMP Compliance Articles

FedRAMP Weekly Tips- November 9, 2017

This week, FedRAMP published  two questions and answers. One for  Cloud Service Providers (CSPs) and  one for Third Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: Why is it important to maintain consistency between the security control implementation statements and the technical diagrams in the System Security Plan (SSP)? A: The security control implementation statements...

FedRAMP Weekly Tips- November 2, 2017

This week, FedRAMP published  two questions and answers. One for  Cloud Service Providers (CSPs) and  one for Third Party Assesment Organizations (3PAOs) Cloud Service Providers (CSPs) Q: The Agency I’m working with requires that their data be cryptographically protected. What requirements must I follow? A: Any system that handles Government data may be the target of...

FedRAMP Weekly Tips – October 18, 2017

This week, FedRAMP published  two questions and answers for Cloud Service Providers (CSPs) and  Important Stakeholder  Information: Cloud Service Providers (CSPs) Q: Can a CSP mark a control as both “Implemented” and “Alternative Implemented” in the System Security Plan (SSP)? A: Usually not. If a control is fully implemented, then only the “Implemented” box is checked....

FedRAMP Weekly Tips – October 11, 2017

This week, FedRAMP published questions and answers, one for Cloud Service Providers (CSPs) and one for Thrid Party Assesment Organizations (3PAOs): Cloud Service Providers (CSPs) Q: If I am uploading an Agency-authorized cloud service package for review/approval by FedRAMP, how do I ensure I am uploading all the required documents? A: The FedRAMP Documentation Checklist (found on FedRAMP.gov...

FedRAMP Weekly Tips – August 31 2017

This week, FedRAMP published two tips about security controls and incident response plans: TIP: AC-2 and IA-2 are closely related. Every group, account, or role defined in AC-2 must be explicitly addressed in IA-2. AC-2 is used to define the groups, accounts, and roles, who may be assigned to one, and how they are managed...

FedRAMP Weekly Tips – August 24 2017

This week, FedRAMP published questions and answers that discuss System Security Plans, and continuous monitoring: Q: A service previously documented in the System Security Plan (SSP) was renamed. How do we reflect the name change when we submit a Deviation Request (DR) for a vulnerability that affects the renamed service? A: Please provide a brief...

FedRAMP Weekly Tips – August 17 2017

This week, FedRAMP published questions and answers that discuss FedRAMP documents, and points of contact: Q: What information does the FedRAMP PMO require for Contingency Plans and Incident Response Plans, and for testing them? A: You must use the Contingency Plan template from the Templates section of the FedRAMP website, at https://www.fedramp.gov/resources/templates-2016/. In Section 6,...

What is ATO as a Service™ for Office 365?

The process to obtain a Office 365 FedRAMP ATO is time consuming, manual, and paper-intensive. Until now! Introducing ATO as a Service™, an exclusive Software as a Service that automates FedRAMP processes, and shortens FedRAMP ATO timeframes for Office 365 government subscriptions. cFocus Software has partnered with Microsoft Corporation to develop ATO as a Service™, allowing...