Federal officials announced Dec. 8 the launch of FedRamp, an effort for low- and moderate- risk cloud services to gain common cybersecurity certification under the Federal Information Security Management Act.
In a call with reporters, Federal Chief Information Officer Steven VanRoekel said FedRamp should cause the government to collectively save 30 to 40 percent of money spent on authorizing and accrediting cloud services to operate on federal networks.
FedRamp will permit cloud services to attain a “provisional” authorization that agencies can use when granting cloud services authority to operate. According to a VanRoekel memo (.pdf), also dated Dec. 8, agencies will have to (the memo uses the word “shall”) use FedRamp when conducting their own risk assessments.
via Fierce Government IT, continued here.