jamestranovich-noaa
commented
3 weeks ago Update: we've sent off the FedRAMP package access request. Waiting for package request approval.
Open colinmurphy01 opened 4 weeks ago
jamestranovich-noaa
commented
3 weeks ago Update: we've sent off the FedRAMP package access request. Waiting for package request approval.
jamestranovich-noaa
commented
21 minutes ago Update: still waiting. Still blocked.
Description
The current cloud.gov CRM (Customer Responsibility Matrix) is SP 800.53 rev 4 (which is really outdated). We need a rev 5 version and to do this we need NWS to submit a FedRAMP package access request form.
Specifically the AO needs to request a cloud.gov P-ATO, look over the documentation, and then ultimately accept (or not) the P-ATO for weather.gov 2.0. This essentially means the NWS AO needs to acknowledge (or not) that cloud.gov will be acceptable for NWS ATO purposes. (Otherwise, we cannot "inherit" controls from cloud.gov).
Cloud.gov has a nice diagram of how this process is supposed to look like: https://cloud.gov/docs/compliance/ato-process/#customer-ato-that-inherits-from-cloudgov-ato-ideal (we are between steps 1 and 2).
Acceptance criteria