FedRAMP about to hit the streets
- By Rutrell Yasin
- Jun 05, 2012
The Federal Risk Authorization and Management Program will begin its initial operational capacity late in the week of June 4, federal CIO Steve VanRoekel said at the National Institute of Standards and Technology’s Cloud Computing Forum and Workshop V.
FedRAMP is the result of government’s work address security concerns related to the growing practice of cloud computing, VanRoekel said during a panel June 5 on global government views on the potential of cloud technology to transform public services.
The program establishes a standardized approach to security assessment, authorizations and continuous monitoring for cloud services and products.
Feds put some meat on FedRAMP’s bones
Federal CIO says FedRAMP to be mandatory
As federal agencies started to implement cloud technology, officials discovered that agency requirements and approaches to certification were inconsistent, VanRoekel said during the forum, which is being held June 5-7 at the Commerce Department in Washington, D.C. FedRAMP will not only bring consistency to the process but give cloud vendors a standard way of providing services to the government, he said.
The government has come a long way in a very short time with cloud computing since the Obama administration began the initiative three years ago, VanRoekel said. The government realizes that the cloud represents a once-in-a-generation opportunity to reshape how the government thinks about, buys and uses technology, he said.
To jumpstart the move to cloud, the administration initiated the cloud-first policy, which requires agencies to consider moving applications to the cloud as a first option for new IT projects.
“Our cloud-first policy does not require that a cloud be based in the United States,” VanRoekel said. However, agencies are always required to elevate security and privacy requirements for any technology whether it is in a cloud or on-premise. As a result, requirements for protecting data — both at rest and in transit— will have to be among their considerations.
Agencies now understand how to effectively move to the cloud, and clouds are growing in size and complexity. And federal IT leaders will be providing agencies with tools to accelerate that migration, he said.
The General Services Administration in May released a list of accredited third-party assessment organizations that will provide assessments and test the controls of cloud service providers to ensure that they meet FedRAMP requirements.