The National Institute of Standards and Technology released April 30 its fourth version of Special Publication 800-53, the catalog of controls most agencies utilize in their cybersecurity programs. We spoke that day with Ron Ross, NIST Federal Information Security Management Act implementation and leader of the joint task force that put together the new revision.
The Defense Information Systems Agency announced April 16 it has achieved initial operational capacity as the commercial cloud computing middleman for the Defense Department--despite its acknowledgment that it has yet to fully approve for DoD use any FedRAMP-authorized commercial cloud service providers.
The General Services Administration will beginning March 25 no longer accept new or re-submitted applications for organizations applying to become Third Party Assessment Organizations, a key component of the Federal Risk and Authorization Management Program.
The General Services Administration says it will turn over to the private sector the process of certifying new organizations that certify private sector cloud computer offerings for federal use.
While federal agencies have made progress expanding their use of cloud services, many challenges remain for full implementation, Citizens Against Government Waste says in its 2012 review of the federal cloud.
A Cary, N.C.-based small business has received the first Federal Risk and Authorization Management Program provisional cloud security authorization from the FedRAMP Joint Authorization Board, says a General Services Administration press release .
The Federal Risk Authorization Management Program, or FedRAMP , is still in the early stages of implementation. "We are in the initial capability stage of our program, and things are subject to change during that time. We are still working on some of the kinks," said Katie Lewin, program manager for cloud computing at GSA.
Agencies are making progress in crafting and piloting bring your own device, or BYOD, mobile strategies, but several challenges remain. Reimbursement is one unresolved question facing agencies such as the Internal Revenue Service."The reimbursement challenge is something that I think is the next level in BYOD," said Kimberly Hancher, CIO of the Equal Employment Opportunity Commission.
A new survey finds that although much of federal information technology has yet to move to the cloud, agencies may be gaining confidence and moving more critical systems to the cloud. Ninety-five percent of respondents in a survey published Sept. 6 by nCircle say one-third or less of their infrastructure has migrated to the cloud, but 32 percent say they are migrating moderate impact data.
DoD CIO Teri Takai's office will establish a joint enterprise cloud-computing governance structure to manage implementation of the strategy, according to the report. DoD says it anticipates challenges including sustaining funding, migrating and managing data, and tactical users' dependency on the network.The Pentagon plans to use the Federal Risk and Authorization Management Program, or FedRAMP , to standardize the authorization and management of cloud-computing services and providers.