Blog Post

The Department of Defense Clarifies FedRAMP Equivalency Standard

As many Department of Defense (“DoD”) contractors know, if they want to store, process, or transmit covered defense information (“CDI”) with a cloud service provider (“CSP”), then the CSP must meet the security requirements equivalent to those established by the Government for the Federal Risk and Authorization Management Program (“FedRAMP”) Moderate baseline. This begs the question, what is equivalence to the FedRAMP Moderate baseline? Earlier this month, the DoD issued a much-needed memorandum that helps answer this question.

To read the full post, please visit our Government Contracts Navigator blog.