by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 15, 2016
May 15, 2016 FCW.COM 17 Agency review process Agency authorizations are unchanged for now and similar to the old JAB process. FedRAMP ACCELERATED OLD JAB REVIEW PROCESS System Security Plan CSP and FedRAMP information system security officer (ISSO) review documentation of security controls before submitting to JAB. CSP addresses JAB concerns and resubmits as needed. System Assessment Plan Third-party assessment organization (3PAO) drafts a plan for testing CSP’s compliance with FedRAMP requirements. ISSO reviews plan before submitting to JAB. CSP addresses JAB concerns and resubmits as needed. Testing 3PAO tests CSP’s system and creates a Security Assessment Report. Security Assessment Report CSP and ISSO review the report before submitting to JAB. CSP addresses JAB concerns and resubmits as needed, then creates a final Plan of Action and Milestones. Authorize Final JAB review and sign-off on provisional authority to operate. Readiness Assessment Report 3PAO assesses CSP’s system to identify potential gaps in security controls, recommends adjustments and then drafts a report for the FedRAMP PMO’s review. This step is far less involved than a full- blown Security Assessment Report and should take just a few weeks. FedRAMP Ready review The FedRAMP PMO reviews the Readiness Assessment Report and, barring questions about the 3PAO’s conclusions, declares the CSP FedRAMP Ready. PMO has pledged one-week turnarounds on these reports. Security Assessment Report 3PAO and CSP can now move forward with a Security Assessment Report, which must be fully completed before submitting to JAB for review. The time required for this step depends almost entirely on the CSP and 3PAO. JAB review and authorization JAB reviews the Security Assessment Report. CSP addresses JAB concerns as needed before provisional authority to operate is granted. The goal is to complete these reviews within three months. 9-18MONTHSORMORE3-6MONTHS The FedRAMP program management office has a new plan for moving cloud service providers through the Joint Authorization Board review. RETHINKING THE ASSESSMENT PROCESS CSP Supplied process This path to FedRAMP compliance has been discontinued as of April 29. 0515fcw_016-020.indd 17 4/20/16 12:43 PM
April 30, 2016
May 30, 2016