Cloud resources for government users
Cloud smart strategy
The Office of Management and Budget posted the final version of its cloud smart strategy. First drafted in September 2018, the strategy includes a list of action items "to advance the Cloud Smart agenda." It also requires federal agencies to "rationalize their application portfolios" to support cloud adoption by assessing application portfolios and discarding those apps that are "obsolete, redundant, or overly resource-intensive." The CIO Council said it will develop best practices and other resources to help agencies with the rationalization process.
The cloud smart work plan will be executed over an 18-month period, and will be updated as the cloud market and technologies evolve. Read the final policy here.
Campaign security assistance, at a discount
Microsoft announced Microsoft 365 for Campaigns is now available at a discounted price for U.S. federal political campaigns and national-level political parties. The service brings together Office 365, Windows 10 and Enterprise Mobility+Security with Exchange Online for Email, SharePoint and OneDrive and Teams along with other Office applications such as Outlook, Word, Excel, PowerPoint and more.
A simple setup process allows admins to implement features like multifactor authentication, Office 365 Advanced Threat Protection, protection of mobile apps and documents and the ability to easily install security patches and updates to Office apps. The security service is available for $5 per user per month. Find out more here.
A leg up on ATOs
To help partners get the authorizations they need to offer AWS-based cloud services to the public sector, Amazon Web Services has launched a program that provides a portfolio of resources for CSPs pursuing compliance authorization. The Authority to Operate on AWS program addresses FedRAMP, Defense Federal Acquisition Regulation Supplement, the Criminal Justice Information Services as well as many other compliance programs.
The program is a partner-driven process, AWS officials said, and includes training, tools, control implementation details and pre-built templates and policy/procedure artifacts to help solution providers build, implement, and optimize security strategies and processes. It also provides access to managed solutions that minimize the work required to achieve such authorizations. More information is available here.
The Federal Risk and Authorization Management Program issued updated guidance on the authorization process of services listed in the marketplace – a database of cloud service providers that have achieved a FedRAMP designation.
The new Marketplace Guidance describes the different FedRAMP designations for cloud services: FedRAMP Ready, FedRAMP in Process and FedRAMP Authorized. It also includes details for agencies and industry for achieving and maintaining FedRAMP status on the Marketplace and how to achieve in-process designation when working with Defense Department agencies. Read the guidance here.
Editor's note: This article was updated June 28 with the correct linkto FedRAMP guidance.
Connect with the GCN staff on Twitter @GCNtech.