What’s Your FedRAMP IQ?



FedRAMP
Answer these ten questions to test your knowledge of the federal cloud compliance program known as FedRAMP.
The answer is 2011
As part of the Obama Administration's "Cloud First" initiative, the Office of Management and Budget (OMB) mandated the use of FedRAMP for all federal agencies migrating their systems and applications to commercial cloud computing services.
The December 2011 OMB FedRAMP policy memo requires federal departments and agencies to use FedRAMP-approved cloud systems.
The answer is No.
No. The only exception is a private cloud deployment intended for a single organization and implemented fully within federal facilities.
The answer is No.
There are no FedRAMP requirements restricting data to within the United States. Multiple security controls do, however, govern where data is stored, what the boundary of the system is, and where and how data in transit is protected. Some CSPs with FedRAMP Authorized systems operate globally, although the majority of service providers do restrict their data to the United States. It is up to each individual agency and Authorizing Official to place restrictions on data location if needed.
The answer is No.
Using a FedRAMP Authorized infrastructure does not automatically make your service FedRAMP compliant. Each layer (IaaS, PaaS, and SaaS) must be evaluated on its own and be FedRAMP Authorized. However, when your software sits on a FedRAMP Authorized infrastructure, it inherits controls from that authorized system, and you document those as inherited controls in your own System Security Plan. The controls that are not inherited remain your responsibility to implement and have assessed.
The answer is 8.
There are 8 FedRAMP requirements: System Inventory, Information Categorization, Security Controls, System Security Plan, Risk Assessment, Independent Assessment, Certification/Authorization, and Continuous Monitoring.
The answer is 2,250,000
The total median cost for a mid-range CSP to achieve a FedRAMP authorization was $2,250,000. This splits roughly evenly, with about 50% going to engineering costs and 50% to the authorization process itself. Maintaining an acceptable risk posture through Continuous Monitoring adds roughly $1,000,000 per year.
Check out our Security Frameworks guide for an IT security framework that protects your systems, applications, information, employees, and clients.
The answer is All of the Above.
FedRAMP is mandatory for federal agency cloud deployments and service models at the low, moderate, and high impact levels. CSPs must use a FedRAMP-approved Third Party Assessment Organization (3PAO) for annual assessments of their cloud system and to evaluate the impact of certain changes a CSP makes to that system.
The answer is 2.
There are two ways to authorize a cloud service through FedRAMP: a Joint Authorization Board (JAB) provisional authorization, and an authorization granted by an individual agency.
The answer is Federal Risk and Authorization Management Program.
The answer is Cloud Resources.
The controls inside FISMA are geared towards physical space and servers rather than virtualization. FedRAMP fills that gap by applying those controls to shared, virtualized cloud resources and their dependencies, while still ensuring that the security and compliance requirements established by FISMA are met.