Pursuant to memorandum M-17-06, "Policies for Federal Agency Public Websites and Digital Services," released in November 2016 by the US Office of Management and Budget, Project Hosts' FedRAMP-compliant websites can meet website objectives and recommendations. U.S. federal and state government agencies and enterprise organizations that need a highly secure website and content management system can now use Drupal, Joomla and WordPress for FedRAMP-compliant websites with a database.
Vulnerability scans, expensive audits and access control are at the forefront of the RA, AU and AC Control Families, which, along with 253 additional controls, give federal and state agencies and their citizens peace of mind when accessing and sharing information over their FedRAMP websites. Project Hosts, Inc. has put together a series of videos going over the various control families necessary to achieve FedRAMP compliance. While some of the control families are industry standard for IT security management, it is the substantial number of controls required in FedRAMP that adds the impenetrable layers of security through FedRAMP compliance.
The RA – Risk Assessment FedRAMP Security Control Family is primarily about vulnerability scanning on your system.
The AU – Audit and Accountability FedRAMP Security Control Family covers the logging that you must do in your systems to be able to alert you when something is going wrong, or to diagnose incidents. Such audits can cost upwards of $200k annually.
The AC – Access FedRAMP Security Control Family is the largest family with 43 controls. This family of controls covers how you provide control over who accesses your environment and how you authorize that access.