FutureFeed is continuously advancing its security standards to meet the highest compliance requirements. One of our key objectives is achieving FedRAMP Moderate Equivalent certification, a critical step in reinforcing the security of sensitive and confidential data for our subscribers. Below is an overview of our certification process and how it will impact the trust and functionality of FutureFeed.
Migration to AWS GovCloud
In 2021, we successfully migrated all of our data and code to AWS GovCloud, which holds a provisional authorization for Impact Levels 2, 4, and 5. AWS GovCloud complies with the Department of Defense (DoD) Security Requirements Guide (SRG), allowing for the secure management of Controlled Unclassified Information (CUI) categories and other sensitive data. This migration has enhanced our platform's infrastructure, aligning it with stringent security standards.
For more information on AWS GovCloud's compliance with DoD SRG, you can refer to the official AWS DoD Compliance page.
Compliance with the DoD Memorandum on FedRAMP Equivalency
In alignment with the DoD memorandum on FedRAMP equivalency, our goal is to achieve FedRAMP Moderate Equivalent certification. This memorandum provides guidance on leveraging FedRAMP Moderate standards for managing CUI and mission-critical data in cloud environments. The certification process involves rigorous assessment to ensure that the platform adheres to the required security protocols. You can view the full memorandum here: FEDRAMP-EquivalencyCloudServiceProviders.pdf.
Although we do not recommend the storage of CUI directly within FutureFeed, the FedRAMP Moderate equivalency will provide our subscribers with confidence in securely storing their System Security Plans (SSPs) and other confidential documents that detail their protections of CUI. This capability is essential for organizations needing to document and manage their security frameworks in compliance with federal standards.
Partnering with Project Hosts
In early 2024, we contracted with Project Hosts, a trusted FedRAMP-authorized provider, to lead us through the process of achieving FedRAMP Moderate Equivalent certification. We are on track to complete this work by October 15th, 2024. Upon completion, Project Hosts will deliver an attestation letter confirming compliance with the necessary security measures.
Project Hosts’ expertise is backed by their listings in the FedRAMP Marketplace. Their Azure listing, which has been in place since 2016, can be viewed here. The AWS FedRAMP High listing, which is In Progress, is visible here (FutureFeed is towards the bottom of the description).
3PAO Assessment by Lunarline
On October 15th, 2024, Lunarline, a trusted Third Party Assessment Organization (3PAO), will perform a detailed evaluation of the work completed by Project Hosts and our team. This assessment will ensure that all necessary controls are in place and compliant with FedRAMP Moderate standards.
Given Project Hosts' extensive experience in guiding organizations through the FedRAMP process and the absence of Plan of Action and Milestones (POA&Ms) for equivalency, we are optimistic about a favorable assessment. The final attestation letter from Lunarline is expected in February 2025.
This certification will enhance FutureFeed’s security posture, providing our users with confidence that sensitive documents like System Security Plans can be stored and managed in a secure, compliant environment.