FedRAMP (Federal Risk and Authorization Management Program) is a program of standardized guidelines developed by the federal government. Its purpose is achieving authorization for cloud hosting of federal customer systems and applications.
Because of our outstanding track record, the U.S. Department of Energy has extended FedRAMP sponsorship to MCG Energy to enhance the security of our customers’ systems. MCG Energy is now preparing for FedRAMP authorization.
FedRAMP draws on several federal laws, such as FISMA (Federal Information Security Modernization Act). These laws are the foundation for all of FedRAMP’s cybersecurity policies. The program requires that all federal agencies appropriately authorize and assess their information systems and cloud monitoring services. FedRAMP seeks to “provide a cost-effective risk-based approach for the adoption and use of cloud services to Executive departments and agencies.” Many companies offer cloud hosting services to a wide variety of businesses and entities, including federal government agencies. However, any independent cloud provider must adhere to FedRAMP’s rigorous standards before it can secure business with a government agency.
MCG Energy – Getting on FedRAMP
As discussed previously, MCG Energy already complies with SOC and NIST 800-53 standards, which apply to a company’s internal controls. FedRAMP adds a private cloud hosting focus to its controls. There is a large amount of overlap between SOC2, NIST, and FedRAMP. However, FedRAMP is more detailed in how the controls are applied and reported since they will be hosted outside federal systems.
SOC2 and NIST give a wide range for frequency or duration of security activities. Instead of leaving it up to providers, FedRAMP specifies when or how often activities are performed. There are also requirements for which tools can be used. There is a strong emphasis on automation, alerting, and integration of security data. FedRAMP uses many of the same industry standard principles that SOC2 and NIST are built on. But FedRAMP authorization requires a much higher level of effort.
MCG Energy Offers a Unique Level of Cybersecurity for Datacenters and Applications
When preparations are completed, MCG Energy will have both our datacenter hosting facilities and our software packages FedRAMP authorized. This puts us in a unique position. Other providers often offer to put an application into the FedRAMP cloud facility of a host like AWS or Azure. This is not enough when client agencies require the same level of FedRAMP security for the application itself. These competitors shift the responsibility for security to an external hosting provider. Instead, MCG Energy’s audit and authorization programs include our datacenters and our applications. This leaves no gaps or confusion regarding the security of MCG Energy’s solutions.
MCG Energy can achieve this since we have always integrated stringent security policies into our software development, system development and datacenter hosting security. All the development work is done in-house and hosted in our private datacenters, allowing us to control the process and to ensure the security of our solutions without shifting responsibility to a third party and creating added complexity for our customers. The result is that, without exception, MCG Energy consistently passes annual audits by independent auditing firms. We guarantee this level of security for the duration of our agreement with the customer.
By meeting SOC 2, NIST SP 800-53, and FedRAMP Cybersecurity standards, MCG Energy has the most trustworthy and reliable hosting infrastructure available for your energy software needs. Contact us to learn more about our FedRAMP status.
David Peterson, Ph.D. is the content specialist for MCG Energy Solutions.