Government Seeking Comments on Cloud Security Proposal
"Rush to the Cloud" mentioned the U.S. government has adopted an ambitious agenda to move applications to the cloud. It has been awarding contracts in advance of having formalized requirements for security of government applications and databases that are being outsourced to cloud service providers.
The government has established the Federal Risk and Authorization Management Program (FedRAMP) to define the security environment in which those applications in the cloud must operate. FedRAMP will provide authorization to move government applications to the cloud and continuously monitor cloud platforms. The objective is to have a common security and continuous assessment model across the government for applications and databases hosted by commercial cloud services.
More information about the government's proposed cloud security framework is available at FedRAMP.gov. You can also download Proposed Security Assessment and Authorization for U.S. Government Cloud Computing and comment.
The public comment period for the FedRAMP document is open until 11:59 pm Eastern time on January 17, 2011.
GSA CIO Casey Coleman recently wrote in her blog:
Implementation time for FedRAMP certified vendors would be dramatically cut - instead of its taking months to get a security authorization, it could take weeks.The US government has established the Federal Risk and Authorization Management Program (FedRAMP) to define the security environment in which those applications in the cloud must operate.