FedHIVE is FedRAMP High Impact

About FedRAMP

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This framework saves the time and staff that would otherwise be required to conduct redundant agency security assessments. For more information on FedRAMP, go to www.FedRAMP.gov.

What is FedRAMP High?

The FedRAMP High Baseline Requirements allow systems containing high-impact data to be authorized through FedRAMP. Previously, the FedRAMP authorization process was only designed for low and moderate impact systems; however, with the introduction of a high baseline, even more federal agencies will be able to move to the cloud.

These security requirements will be used to protect some of the government’s most sensitive, unclassified data in cloud computing environments. This release allows agencies to use cloud environments for high-impact data, including data involving the protection of life and the prevention of financial ruin.

Why is this such a big deal?

While 80% of federal information is categorized at the low and moderate impact levels, this represents only about 50% of federal IT contracts. Now that FedRAMP has set the requirements for the high impact level, the remaining 50% of the $80 billion a year the US Government spends on IT is opened up and could potentially move to the cloud securely. That’s huge!

Federal Information Security Management Act of 2002 (FISMA) Information Classification

Confidentiality impact levels (Low, Moderate, High)
LOW
The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
MODERATE
The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
HIGH
The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Confidentiality

“Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” [44 U.S.C., Sec. 3542]

A loss of confidentiality is the unauthorized disclosure of information.

[FIPS PUB 199]

Integrity impact levels (Low, Moderate, High)
LOW
The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
MODERATE
The unauthorized modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
HIGH
The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Integrity

“Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [44 U.S.C., Sec. 3542]

A loss of integrity is the unauthorized modification or destruction of information.

[FIPS PUB 199]

Availability impact levels (Low, Moderate, High)
LOW
The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
MODERATE
The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
HIGH
The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Availability

“Ensuring timely and reliable access to and use of information…” [44 U.S.C., Sec. 3542]

A loss of availability is the disruption of access to or use of information or an information system.

[FIPS PUB 199]