FedRAMP for SaaS


Presented by Coalfire

FedRAMP for SaaS

By: Rob Barnes, Public Sector Practice Leader, Coalfire

FedRAMP, the Federal Government’s program for security and risk management of commercial cloud providers serving the Government is a little over two years old now. A majority of the early participants in the program have been the Infrastructure-as-a- Service (IaaS) providers. Now that many FedRAMP authorized IaaS providers are available for Federal agencies to choose from, the next wave in FedRAMP includes adoption of Software-as-a-Service (SaaS) solutions. With this wave comes new challenges, as adopting FedRAMP for SaaS is not as simple as moving to and leveraging a FedRAMP-authorized IaaS.

Join us for this webinar where Rob Barnes, Public Sector Practice Director at Coalfire and 2015 FCW Fed100 Winner, will answer common questions, dispel myths and discuss lessons learned for SaaS providers considering or pursuing FedRAMP.

Topics will include:

  • What to look for in an IaaS provider
  • Why leveraging a FedRAMP-authorized IaaS does not mean your SaaS is automatically authorized
  • Understanding how inherited controls between IaaS and SaaS really works
  • Why your SaaS technically may be solely-responsible for less controls, but you may still be facing an IaaS-level of work.
  • FedRAMP authorization routes – Agency, JAB, and CSP Supplied. Which is right for me (and our underlying IaaS provider).
  • An introduction to the DoD Cloud Computing Security Requirements Guide (SRG) and how it relates to FedRAMP for those cloud providers (SaaS) with DoD customers.

This Archived Webinar Requires Registration. Fill out the form below to instantly receive access.