Which FedRAMP Security Impact Level Is Right for You?

You would never pay $1,000 upfront and $30/month for a security system to protect a shed containing $100 worth of lawn equipment. However, you wouldn’t hesitate to spend that much or more to protect your home and family. The same concept applies in information security. Different kinds of data necessitate different levels of security, which is why FedRAMP security impact levels exist. A government agency that deals with data that is widely available for public consumption doesn’t require as many security controls as an agency that works with classified data.

There are three FedRAMP security impact levels: FedRAMP Low, FedRAMP Moderate, and FedRAMP High. They are based on the three FISMA security objectives outlined in the Federal Information Processing Standard (FIPS199):

* Confidentiality: Protect personal privacy and prevent the unauthorized disclosure of proprietary information.
* Integrity: Prevent the unauthorized modification or destruction of information.
* Availability: Prevent disruptions to information access or use.

FedRAMP Low Security Impact Level

The FedRAMP Low Impact Level applies to cloud service offerings (CSOs) that will be used to work with data that is already publicly available; a breach of this data would not cause significant damage to the government agency or its operations, assets, or individuals. FedRAMP defines two baselines within the Low Impact Level category, the standard Low Baseline and what is known as the LI-SaaS Baseline.

The LI-SaaS Baseline applies to Low-Impact SaaS applications that do not store personally identifiable information (PII) other than what is generally required for login credentials, such as email addresses, usernames, and passwords. The LI-SaaS Baseline has fewer security controls that require testing and verification than the standard Low Baseline, and the required security documentation is consolidated.

FedRAMP Moderate Impact Level

FedRAMP High Impact Level

The FedRAMP High Impact Level, which was released in 2016, applies to CSOs being used by agencies that handle the most highly sensitive unclassified government data, such as law enforcement, emergency services, financial systems, and healthcare systems. A data breach could have catastrophic results, including loss of human life and economic crises. FedRAMP High systems must comply with 421 controls and reduce the probability of human error as much as possible by automating as many processes as possible.

The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.

Continuum GRC is proactive cyber security®. Call 1–888–896–6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.

Related posts:

With the demand for software development services ever increasing, more and more software outsourcing companies are springing worldwide. As competition gets stiffer, quality service is now a given…

On the streets of Seoul, you’ll find that there seems to be an endless array of things to do. In fact, in South Korea in general, it can be hard to narrow it down. So where do you even begin? Well…

Robert De Niro is celebrated as one of the greatest actors to grace 70mm but the same pedigree doesn’t hold sway to his directorial prowess. Till date, the 74-year-old veteran has directed only two…