Could updated controls from NIST drive up cloud security costs?

October 19, 2017 Douglas Barbin

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes to get approved.

The FedRAMP program management office has tried to address both over the last few years, most recently introducing the Tailored program for low-impact, software-as-a-service offerings last month.

But now the program management office is concerned that many of those advances could be at risk with the updated security controls from the National Institute of Standards and Technology.

In its public comments about NIST Special Publication 800-53, Revision 5, FedRAMP said the move from Revision 4 to Revision 5 could cost millions of dollars across the cloud service providers, third-party certifiers and the federal Joint Authorization Board (JAB) to update the approved cloud services and related standards.

Doug Barbin, a principal and cybersecurity leader for Schellman and Company, a 3PAO, said in an interview with Federal News Radio that while privacy was always a part of Rev 4 and previous revisions, Rev 5 brings in more of the generally accepted privacy requirements, policies and guidelines for information sharing.


About the Author

Douglas Barbin

Doug Barbin is a Principal at Schellman & Company, Inc. Doug leads all service delivery for the western US and also oversees the firm-wide growth and execution for security assessment services including PCI, FedRAMP, and penetration testing. He has over 19 years of experience. A strong advocate for cloud computing assurance, Doug spends much of his time working with cloud computing companies and has participated in various cloud working groups with the Cloud Security Alliance and PCI Security Standards Council, among others.
