Agencies this fall will be able to pick from a small menu of precertified cloud services, but most products will not be covered by a new security program intended to cut down the cost and time of accrediting technologies until 2012, General Services Administration officials told House members Thursday.
FedRAMP, a product approval program tailored to the cloud, is part of a major governmentwide switch from using in-house, notoriously budget-busting information technology systems to accessing IT services through the Internet, or the cloud.
To speed procurements, FedRAMP would task independent auditors with verifying that a vendor’s product meets a governmentwide baseline set of security controls so that any agency can immediately deploy the technology.
The government, in turn, is expected to pocket the millions of dollars agencies currently waste running redundant tests on similar IT products. In the past, departments have spent $300 million on certification and accreditation activities a year, according to the Office of Management and Budget.
via Nextgov, continued here.