By Jim Miwa
Back in 2012, the Office of Management and Budget (OMB) instituted a Cloud First policy. This policy was intended to accelerate the pace at which the government would realize the value of cloud computing by requiring Agencies to evaluate safe, secure cloud computing options before making any new investments.
Around this time the Federal Risk and Authorization Management Program (FedRAMP) was introduced as a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant Agency security assessments. FedRAMP became mandatory for Federal Agency cloud deployments and service models at the low, moderate, and high risk impact levels.
In short, FedRAMP supports OMB’s Cloud First Policy by enabling Agencies to rapidly adapt from old, legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.
Since October 2017, IBM has been planning, designing, and building infrastructure from the ground up to develop an IBM Maximo and TRIRIGA FedRAMP agency authorized SaaS offering at the Moderate level (325 NIST 800-53 security controls). This is a massive certification and accreditation effort involving a comprehensive System Security Plan (SSP) that clearly articulates policy, process, procedures, resources, infrastructure, tooling, etc. to ensure we’re meeting those 325 controls, validated by a 3rd Party Assessment Organization (3PAO).
On June 14, 2018, the FedRAMP Program Management Office officially listed the IBM Maximo and TRIRIGA SaaS offering as “In Process” in their Marketplace, recognizing the work that has been executed thus far.
Next up is the 3PAO Assessment, which is on track to start in the fall of 2018. Upon completion of the Assessment, we expect the offering to move towards an “Authorized” designation, enabling our Agency sponsor to start utilizing the SaaS service. And of course, with FedRAMP’s framework of “do once, use many times”, this will enable other Agencies to leverage this FedRAMP Agency ATO as they look to move or utilize Maximo and TRIRIGA in the cloud.