Agiliance RiskVision Provides Out-of-Box FedRAMP Cloud Security Controls

Provides time-to-market compliance verification for cloud service providers serving the U.S. government.

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

Agiliance, Inc., an independent provider of security and operational risk management (SRM) solutions for governance, risk, and compliance (GRC) programs, released its Agiliance Federal Risk and Authorization Management Program (FedRAMP) Content Pack, which includes the baseline controls required for FedRAMP security assessments and authorizations of cloud service providers (CSPs).

FedRAMP, developed by the National Institute of Standards and Technology (NIST), the U.S. General Services Administration (GSA), the U.S. Department of Defense (DOD), and the U.S. Department of Homeland Security (DHS), provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP security assessment process is also aligned with the security controls and guidance in NIST Special Publication 800-37.

The Agiliance FedRAMP Content Pack encompasses all the security controls that commercial and government CSPs must implement within a cloud computing environment to satisfy FedRAMP requirements. It includes 168 security controls and will be supplemented with the System Security Plan (SSP), Security Assessment Plan (SAP), and Security Assessment Report prior to the Initial Operating Capability of FedRAMP.

“The U.S. government is moving quickly to adopt cloud computing, both for its own datacenter consolidation projects and now for its cloud service providers, in order to improve operational efficiency and real-time security visibility,” said Torsten George, vice president of worldwide marketing and products at Agiliance. “With the addition of new cloud security intelligence in the FedRAMP Content Pack, Agiliance enables government agencies to implement continuous monitoring as prescribed by NIST, FISMA, and now FedRAMP.”

Agiliance RiskVision can be deployed as a cloud service or on premise. The Agiliance FedRAMP Content Pack with Agiliance RiskVision Compliance Manager exceeds all five requirements for use by FedRAMP authorized third-party assessment organizations in the following ways:

  • Increases re-use of existing security assessments across agencies

  • Saves significant cost, time, and resources -- "do once, use many times"

  • Improves real-time security visibility

  • Supports risk-based security management

  • Provides transparency between government and CSPs

The Agiliance FedRAMP Content Pack is available immediately at no cost with the Agiliance RiskVision platform. More information is available at www.agiliance.com.