The FBI is seeking commercial cloud-computing options that can store vast amounts of criminal justice data. In a recent request for information, the bureau said it wants an on-site, infrastructure-as-a-service, "cloud in a box" system to support the Criminal Justice Information Services division in Clarksburg, W.Va., at multiple locations across the country
The Drug Enforcement Administration is planning to make its first tentative steps into the federal cloud computing arena as it seeks a solution to store sensitive crime data.
Improving cybersecurity emerged as the top priority again for federal chief information officers and chief information security officers, according to an annual survey from industry group TechAmerica.
After two years of planning, agencies are now required to use the Federal Risk and Authorization Management Program for cloud services designated as low or moderate security risk under the Federal Information Security Management Act, or FISMA.
Depending on where you stand, FedRAMP is a lot of things – a cloud certification process, a vetting tool for acquisition, but for agencies it could be a dependable line of defense against the next Heartbleed-like vulnerability.
Private sector cloud providers with a FedRAMP provisional authorization making them eligible to sell services to federal agencies will have about a year to implement the new minimum set of security controls.
Private sector cloud computing providers will have a changed set of security controls to adhere to when selling to federal agencies starting later this summer.
All military services and Defense Department components are now permitted to lease computing space through Amazon Web Services.
A paper co-authored by a former government executive who occupied the position now known as the federal chief information officer recommends greater integration of cybersecurity efforts with federal cloud adoption.
"It all boils down to one thing. Do the cloud providers have skin in the game?" Jeff Eisensmith said at the Federal Cloud Computing Summit in Washington, D.C. Eisensmith said a requirement to buy insurance for everyone whose personally identifiable information is lost can be the basis for security in a service level agreement.