Office 365 Government Articles

FedRAMP Tips & Cues – June 12, 2019

Last week, FedRAMP published one Tip and one Q&A for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) TIP: Cloud Service Providers (CSPs) pursuing a JAB P-ATO have asked about how to implement new technologies. New technologies have a minimum control set in the significant change policy and procedures. The assumption is that all the...

FedRAMP Tips & Cues – May 29, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) Tip: Recently, we’ve received inquiries about the SAR review process for CSPs pursuing a JAB Provisional Authorization to Operate (P-ATO). There are a number of things that JAB Reviewers need in order to properly assess risks noted in...

FedRAMP Tips & Cues – May 15, 2019

This week, FedRAMP published several Q&A’s for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) Here are some basic questions our FedRAMP SMEs get about FIPS 140-2 validation compliance for Multi Factor Authentication (MFA). Q: I hear FIPS-validation does not apply to One-Time-Password (OTP) authentication. Is this true or false? A: This is FALSE! You...

FedRAMP Tips & Cues – April 17, 2019

Last week, FedRAMP published one Q&A for Cloud Service Providers(CSPs) and one Q&A for Federal Agencies: Cloud Service Providers (CSPs) Q: What are FedRAMP baseline requirements for a Cloud Service Offering (CSO) to become a High Baseline System? 1) There should be no interconnections to systems or services lacking FedRAMP Authorization. For JAB P-ATOs, interconnections...

FedRAMP Tips & Cues – April 3, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) TIP: All FedRAMP Baselines require the CSP information system to accept and electronically verify Personal Identity Verification (PIV) and Common Access Card (CAC) credentials according to IA-2(12). Many CSP’s assign the responsibility of PIV/CAC implementation to the...

FedRAMP Tips & Cues – March 6, 2019

This week, FedRAMP published one Tip and one Q&A for Cloud Service Providers(CSPs) : Cloud Service Providers (CSPs) TIP: When submitting a Security Assessment Report (SAR) package to your 3PAO, a few simple quality checks will help ensure a timely review: Ensure the SAR Template text is unchanged, except for the removal of instructional text....