FedRAMP (Federal Risk and Authorization Management Program) is a program of standardized guidelines developed by the federal government for achieving authorization for cloud hosting of federal customer systems and applications.
Because of our outstanding track record, the U.S. Department of Energy has extended FedRAMP sponsorship to MCG Energy to enhance the security of our customers’ systems. MCG Energy is now preparing for FedRAMP authorization.
FedRAMP employs several federal laws such as FISMA (Federal Information Security Modernization Act) as the foundation for all of its cybersecurity policies. The program requires that all federal agencies appropriately authorize and assess their information systems and cloud monitoring services. FedRAMP seeks to “provide a cost-effective risk-based approach for the adoption and use of cloud services to Executive departments and agencies.” While many companies are offering cloud hosting services to a wide variety of businesses and entities including federal government agencies, any independent cloud provider must adhere to FedRAMP’s rigorous standards before they can secure business with a government agency.
MCG Energy – Getting on FedRAMP
As discussed in an earlier blog, the SOC and NIST 800-53 standards MCG Energy already adheres to apply to a company’s internal controls. FedRAMP adds a private cloud hosting focus to its controls. There is a large amount of overlap between SOC 2, NIST, and FedRAMP, but FedRAMP is more detailed in how the controls are applied and reported, since they will be hosted outside federal systems. Whereas SOC 2 and NIST give a wide range for the frequency or duration of security activities, FedRAMP does not leave this to the discretion of the system provider and instead specifies when or how often activities are performed. There are also requirements for which tools can be used, with a strong emphasis on automation, alerting, and integration of security data. FedRAMP uses many of the same industry-standard principles that SOC 2 and NIST are built on, but at a much higher level of required effort.
MCG Energy Offers a Unique Level of Cybersecurity for Datacenters and Applications
When preparations are completed, MCG Energy will be in the unique position of having both our datacenter hosting facilities and our software packages FedRAMP authorized. Many other providers will offer to put an application into the FedRAMP cloud facility of a hosting provider like AWS or Azure. This is not enough when client agencies require the same level of FedRAMP security for the application itself. Unlike many competitors who shift the responsibility for security to an external hosting provider, MCG Energy’s audit and authorization programs include our datacenters and our applications, leaving no gaps or confusion regarding the security of MCG Energy’s solution.
MCG Energy can achieve this because we have always integrated stringent security policies into our software development, system development, and datacenter hosting security. All the development work is done in-house and hosted in our private datacenters, allowing us to control the process and to ensure the security of our solutions without shifting responsibility to a third party and creating added complexity for our customers. The result is that, without exception, MCG Energy consistently passes annual audits by independent auditing firms. We guarantee this level of security for the duration of our agreement with the customer.
By meeting SOC 2, NIST SP 800-53, and FedRAMP cybersecurity standards, MCG Energy has the most trustworthy and reliable hosting infrastructure available for your energy software needs. Contact us to learn more about our FedRAMP status.
Greg Maxfield, MCG Energy Customer Care Manager and Dave Peterson, MCG Energy Content Administrator