
What is FedRAMP and What Does it Mean When Evaluating CPM Solutions?


The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It was designed to support the need for federal agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT systems.

Towards this end, FedRAMP created and manages a core set of processes to ensure effective, repeatable cloud security for the government. FedRAMP established a mature marketplace to increase utilization and familiarity with cloud services while facilitating collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions.

Categorizing Offerings by Impact Levels

Under the FedRAMP program, Cloud Service Offerings (CSOs) are categorized into one of three impact levels (Low, Moderate, and High) across three security objectives: Confidentiality, Integrity, and Availability.

FedRAMP currently authorizes CSOs at the Low, Moderate, and High impact levels.

Low Impact is most appropriate for CSOs where the loss of confidentiality, integrity, and availability would result in limited adverse effects on an agency’s operations, assets, or individuals.

Moderate Impact accounts for nearly 80% of CSP applications that receive FedRAMP authorization and is most appropriate for CSOs where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals. Serious adverse effects could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.

High Impact data is usually in Law Enforcement and Emergency Services systems, Financial systems, Health systems, and any other system where loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. FedRAMP introduced its High Baseline to account for the government’s most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.


There are close to 200 authorized FedRAMP cloud services listed in the Marketplace as of July 2020, with many more going through the authorization process. And while the program was designed to support federal agencies, according to Gartner, there is increasing interest in the FedRAMP program from state and local agencies, tribal and non-US governments, companies in regulated industries and the defense industry, as well as non-profit and educational organizations.

Pros and Cons of FedRAMP

FedRAMP was created as a well-intentioned program to support federal agencies’ cloud software adoption. However, as with most similar efforts, reactions have been mixed. According to a recent Gartner research note [1], pros and cons have emerged, so security and risk management (SRM) leaders evaluating whether a FedRAMP approach is right for them should consider the following:

Pros

Cons

As a result of these pros and cons, Gartner recommends the following for SRM leaders responsible for cloud security decisions:

  1. FedRAMP Demystified, Katell Thielemann, 21 July 2020

OneStream and FedRAMP Authorization


OneStream Software received the Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization in 2018 and considers it an important qualification for federal agencies seeking cloud solutions that are secure and meet federal standards. In fact, OneStream was the first cloud corporate performance management (CPM) provider to achieve the FedRAMP Moderate authorization.

OneStream went through an expensive and rigorous 18-month process of reviews by the FedRAMP PMO in order to gain FedRAMP Moderate Authorization, and continues to be audited by the PMO to ensure we remain in compliance with FedRAMP standards. OneStream has not specifically passed the costs of this process on to our customers via our pricing; we see this as the cost of doing business with federal agencies and others that respect the standard.

Learn More

To learn more about OneStream’s FedRAMP authorization, visit our website or contact your local OneStream account representative.
