- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2018 07:26 AM
What should I expect moving our instances to FedRAMP? Anything I need to do?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2018 07:49 AM
Start by requesting the FedRAMP package from fedramp.gov (package request form is on the site). Once you get access, hone in on the CIS/CRM (Controls implementation summary, found inside the SSP) - the CRM is the customer responsibility matrix which tells you exactly what the requirements are on your side to complete the loop and secure the instance(s).
They also have a tool on their side (called ACE I think? Can't remember) that runs a buncho f compliance checks against your instance to see where you stand and what else needs to be done. We found that very helpful. Good luck!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2018 07:49 AM
Start by requesting the FedRAMP package from fedramp.gov (package request form is on the site). Once you get access, hone in on the CIS/CRM (Controls implementation summary, found inside the SSP) - the CRM is the customer responsibility matrix which tells you exactly what the requirements are on your side to complete the loop and secure the instance(s).
They also have a tool on their side (called ACE I think? Can't remember) that runs a buncho f compliance checks against your instance to see where you stand and what else needs to be done. We found that very helpful. Good luck!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2018 07:58 AM
Thanks for the information! I needed this!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2018 08:13 AM
If you were already in a FISMA DataCenter then it should not be to many changes in preparation. Like @carlyweb said reaching out to HI and asking for them to RUN the ACE tool. They will provide you a list of Customer Controls, it might seem long and daunting but OOB a lot of them are already done for you.
Feel free to reach back out and ask any specific questions that might arise.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2018 11:50 AM
Be aware, that once your instances are marked as "Federal" you will no longer be able to download "Share" products into them and if you wish to move to a release upgrade before it is FedRamp certified (e.g,. Kingston is not yet FedRamp certified as of patch 2) you will need to get an exception via HI incident ticket.