The General Services Administration on Tuesday released extensive new details on FedRAMP, the federal government’s new standardized approach to vetting the security of cloud computing services, taking an important step toward launching the program.
The GSA-led FedRAMP is a soon-to-be-mandatory government-wideprogram that standardizes the government’s approach to authorizing cloud services for use by federal agencies and monitoring those services to ensure that they continue to meet federal cybersecurity requirements.
Once a service goes through the initial FedRAMP authorization process, it gets a stamp of approval that any agency can use to sign off on the service’s ability to meet federal security requirements. This is much more efficient and standardized than the historic approach to security authorization, which required each agency to do its own authorization. Federal CIO Steven VanRoekel has estimated that FedRAMP could save federal agencies between 30% and 40% on their security assessments and cloud procurement processes.
According to the 47-page concept of operations document, popular collaboration and infrastructure-as-a-service tools will be the first applications to run through the FedRAMP authorization process. At an event hosted by tech industry group TechAmerica on Wednesday, GSA officials said that they will prioritize services where there are already existing contracts.
via InformationWeek Government, continued here.