FEDRAMP memo

Home Forums Technology FEDRAMP memo

This topic contains 1 reply, has 1 voice, and was last updated by  Henry Brown 7 years, 7 months ago.

  • Author
    Posts
  • #147238

    Henry Brown
    Participant

    Title: Security Authorization of Information Systems in Cloud Computing Environments
    Date Dec 8, 2011
    Introduction

    Cloud computing offers a unique opportunity for the Federal Government to take advantage of cutting edge information technologies to dramatically reduce procurement and operating costs and greatly increase the efficiency and effectiveness of services provided to its citizens. Consistent with the President’s International Strategy for Cyberspace and Cloud First policy, the adoption and use of information systems operated by cloud service providers (cloud services) by the Federal Government depends on security, interoperability, portability, reliability, and resiliency.

    Over the past 24 months, the Administration has worked in close collaboration with the National Institute of Standards and Technology (NIST), the General Services Administration (GSA), the Department of Defense (DOD), the Department of Homeland Security (DHS), the United States Chief Information Officers Council (CIO Council) and working bodies such as the Information Security and Identity Management Committee (ISIMC), state and local governments, the private sector, non-governmental organizations (NGOs), and academia to develop the Federal Risk and Authorization Management Program (FedRAMP). This program introduces an innovative policy approach to developing trusted relationships between Executive departments and agencies and cloud service providers (CSPs).

    FedRAMP will provide a cost-effective, risk-based approach for the adoption and use of cloud services by making available to Executive departments and agencies:

    download PDF file

  • #147241

    Henry Brown
    Participant

    article: from Nextgov.com

    Agencies, contractors get rules of the road for cloud security approvals

    By Aliya Sternstein 12/08/2011

    Federal cloud providers by June 2012 will have to comply with new uniform security controls so that multiple agencies can piggyback off the certifications for faster installation, White House officials announced Thursday.

    To more quickly slice $5 billion from the government’s annual $80 billion information technology tab, the Obama administration has released requirements for expediting cloud security approvals. Protecting data in the cloud — or remote storage and software accessible online — has been a stumbling block for some federal managers, officials said. The Federal Risk Authorization Management Program (FedRAMP) is a process aimed at guaranteeing a vendor’s goods adhere to baseline controls so that any agency can immediately deploy the services, without reassessing the product’s safety.

    Recycling accreditations is expected to save the government 30 percent to 40 percent in testing and procurement costs, federal Chief Information Officer Steven VanRoekel said. “Cloud computing has become an integral part of the government’s DNA,” he told reporters. “One of the main challenges that people have identified is around security and using security as a barrier to entry around cloud computing.”

You must be logged in to reply to this topic.