Could updated controls from NIST drive up cloud security costs?

October 19, 2017 Douglas Barbin

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes to get approved.

The FedRAMP program management office has tried to address both over the last few years, most recently introducing the Tailored program for low-impact, software-as-a-service offerings last month.

But now the program management office is concerned that many of those advances could be at risk with the updated security controls from the National Institute of Standards and Technology.

In its public comments about NIST Special Publication 800-53, Revision 5, FedRAMP said the move from Revision 4 to Revision 5 could cost millions of dollars across the cloud service providers, third-party certifiers and the federal Joint Authorization Board (JAB) to update the approved cloud services and related standards.

Doug Barbin, a principal and cybersecurity leader for Shellman and Company, a 3PAO, said in an interview with Federal News Radio that while privacy was always a part of Rev 4 and previous revisions, Rev 5 brings in more of the generally accepted privacy requirements, policies and guidelines for information sharing.

Read more: federalnewsradio.com

About the Author

As Chief Growth Officer and firmwide Managing Principal, Doug Barbin is responsible for the strategy, development, growth, and delivery of Schellman’s global services portfolio. Since joining in 2009, his primary focus has been to expand the strong foundation in IT audit and assurance to make Schellman a market leading diversified cybersecurity and compliance services provider. He has developed many of Schellman's service offerings, served global clients, and now focuses on leading and supporting the service delivery professionals, practice leaders, and the business development teams. Doug brings more than 25 years’ experience in technology focused services having served as technology product management executive, mortgage firm CTO/COO, and fraud and computer forensic investigations leader. Doug holds dual-bachelor's degrees in Accounting and Administration of Justice from Penn State as well as an MBA from Pepperdine. He has also taken post graduate courses on Artificial Intelligence from MIT and maintains multiple CPA licenses and in addition to most of the major industry certifications including several he helped create.
More Content by Douglas Barbin

Stay up to date and discover new insights into compliance through our team’s thought leadership

Could updated controls from NIST drive up cloud security costs?

About the Author

Previous Article

Next Flipbook

Could updated controls from NIST drive up cloud security costs?

About the Author

Previous Article

Next Flipbook

Other content in this Stream

Are you trying to obtain FedRAMP Authority to Operate? Understand both approaches to the program and each of their pros and cons to learn which one would suit your organization best.

Before you engage a FedRAMP 3PAO like Schellman to assess you, you'll need the services of a consultant. Read how these advisors can help you & what to ask them to ensure you get the best one for you.

Want to get FedRAMP Ready but aren’t sure how it works? Learn about the 4 phases to the process that will lead you to that formal Ready designation on the FedRAMP Marketplace.

Want to become FedRAMP Ready on the Marketplace but not sure what it takes? Learn about the minimal requirements your CSO will need to meet ahead of the Ready Assessment.

Not sure how the NIST 800 Series can help you? We break down 3 of the more well-known publications from the series to help you understand which one suits you.

Should your organization get FedRAMP Ready? We break down what this assessment is and how it can help you, as well as the benefits and drawbacks to pursuing this route.

For CSPs looking to better understand FedRAMP security requirements for containers, Schellman Manager Matt Hungate provides an overview

Schellman's Debbie Zaller provides an overview of the HHS issued HITECH Act amendment

Schellman's Matt Hungate looks at significant changes to NIST SP 800-53, Revision 5

Schellman's Grayson Taylor shares an overview of the new mapping of NERC CIP Reliability Standards to NIST Cybersecurity Framework CSF

Every industry has been forced to scale processes and adapt business models to maintain their foothold in a landscape thrown off by COVID19. At Schellman our FedRAMP 3PAO assessment process was ready.

What are the common reasons CSPs fail to achieve a FedRAMP Authority to Operate ATO in a timely manner?

US DoD has been working to revise funding procurement procedures DFARS. Most important are regulations which mandate that defense contractors meet NIST SP 800-171 standard that deals with CUI.

Schellman has performed a third of FedRAMP assessed systems and is the #2 3PAO provider.

On Wednesday July 17th, I had the distinct honor of providing the assessor perspective at a FedRAMP hearing held by the Subcommittee on Government Operations—a subset of the House Oversight Committee.

Join Schellman's Federal Practice Team as they take a step back to navigate through the more recent updates with FedRAMP and more broadly Federal Assessments.