"Vastly, what we're seeing across the government is the realization that they've had a chance to input into those baselines – and it is a lot of controls, I won't deny that either – but you are actually going through and doing all of those controls versus agencies haven't been going through and doing those controls themselves," said Matt Goodrich, FedRAMP director.
Despite the General Services Administration's efforts to provide agencies with tools that support the acquisition of cloud computing technologies, there's a growing demand for neutral facilitators, or "cloud brokers," to walk agencies through the selection of a cloud vendor.
While the report said that most agencies are "fence sitters," there are those who are unwilling or hesitant to move to the cloud because these "box huggers...fear loss of control and getting blamed for failure."
The National Institute of Standards and Technology is working on new guidance that will address the distribution and placement of security controls for cloud computing environments.
The Federal Risk and Authorization Management Program aims to accelerate the authorization of cloud computing technologies across the federal government, but instead of one more federal IT security mandate agencies must comply with, FedRAMP Director Matt Goodrich says the program has a unique role to streamline security processes across several initiatives.
A draft overlay for the Trusted Internet Connection, or TIC, is now available for public comment, marking a first step toward increasing agencies' flexibility in adopting cloud solutions.
The General Services Administration's Federal Citizen Services Fund would see an appropriation of $58.4 million for the next fiscal year, under the president's recently unveiled fiscal 2016 budget proposal. The figure is more than a 9 percent jump from fiscal 2015 enacted levels – or about $5.1 million – and significantly more than the offices' fiscal 2014 budget of $50.8 million. Of that $58.4 million, $16 million would go to electronic government, or E-Gov, activities in fiscal 2016.
The federal government Jan. 27 released a long-awaited draft document that establishes a high baseline of security controls for cloud computing service providers, allowing them to host some of the federal government's most sensitive information.
The Defense Information Systems Agency Jan. 13 publicly released guidance that updates and codifies enhanced cybersecurity requirements for implementing and hosting cloud computing systems for certain types of sensitive Defense Department data.
The National Institute of Standards and Technology recently finalized an update to one of two publications that provides a cybersecurity foundation for all of the federal government's information technology systems.