The General Services Administration provided an update on how the Federal Risk and Authorization Management Program is meeting milestones and laid out new deadlines as part of a Dec. 16 press briefing and the release of the program's roadmap.
"There's been some confusion that FedRAMP is GSA, and FedRAMP is the JAB, but really FedRAMP is a program that is governmentwide in nature and has stakeholders across the government," said FedRAMP Director Matt Goodrich. A new plan aims to refocus the program on agency stakeholders and further spread the responsibility for authorizing cloud services.
Two and a half years in, the Federal Risk and Authorization Management Program, which aims to help agencies and departments more quickly and securely procure cloud services, is being adopted in pockets across the federal government, but not always correctly, say General Services Administration officials during a Dec. 16 press briefing.
A review of cloud computing services in the Commerce Department found missing clauses in contractors' agreements to permit reviews of their facilities and operations, as well as lack of compliance with federal security standards.
The Energy Department is falling short in effectively and efficiently purchasing, implementing and managing its cloud computing technologies, an internal audit found.
An internal investigation found that the U.S. Postal Service's cloud computing contracts did not comply with all of the agency's standards.
The FBI is seeking commercial cloud-computing options that can store vast amounts of criminal justice data. In a recent request for information, the bureau said it wants an on-site, infrastructure-as-a-service, "cloud in a box" system to support the Criminal Justice Information Services division in Clarksburg, W.Va., at multiple locations across the country
The Drug Enforcement Administration is planning to make its first tentative steps into the federal cloud computing arena as it seeks a solution to store sensitive crime data.
Improving cybersecurity emerged as the top priority again for federal chief information officers and chief information security officers, according to an annual survey from industry group TechAmerica.
After two years of planning, agencies are now required to use the Federal Risk and Authorization Management Program for cloud services designated as low or moderate security risk under the Federal Information Security Management Act, or FISMA.