Could updated controls from NIST drive up cloud security costs?

Among the biggest complaints about the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) have been the cost for vendors and the time it takes to get approved.

The FedRAMP program management office has tried to address both over the last few years, most recently introducing the Tailored program for low-impact, software-as-a-service offerings last month.

But now the program management office is concerned that many of those advances could be at risk with the updated security controls from the National Institute of Standards and Technology.

In its public comments about NIST Special Publication 800-53, Revision 5, FedRAMP said the move from Revision 4 to Revision 5 could cost millions of dollars across the cloud service providers, third-party certifiers and the federal Joint Authorization Board (JAB) to update the approved cloud services and related standards.

Doug Barbin, a principal and cybersecurity leader for Shellman and Company, a 3PAO, said in an interview with Federal News Radio that while privacy was always a part of Rev 4 and previous revisions, Rev 5 brings in more of the generally accepted privacy requirements, policies and guidelines for information sharing.

Read more: federalnewsradio.com

About the Author

Doug Barbin is a managing principal and firm-wide leader for cyber security and compliance services. He works with many of the world's leading cloud computing, federal, FinTech, healthcare, AI, and security provider clients. Doug has more than 20 years’ experience and maintains multiple CPA licenses, along with CISSP, CIPP, ISO 27001 Lead Auditor, and QSA certifications. He was one of the first Cloud Security Alliance CCSK recipients and regularly trains Schellman personnel on cloud auditing, compliance, and other advanced technologies. Doug is very active in industry organizations and regularly speaks on cloud security, AI, FedRAMP, and other compliance frameworks.

More Content by Douglas Barbin