The federal government Jan. 27 released a long-awaited draft document that establishes a high baseline of security controls for cloud computing service providers, allowing them to host some of the federal government's most sensitive information.
The Defense Information Systems Agency Jan. 13 publicly released guidance that updates and codifies enhanced cybersecurity requirements for implementing and hosting cloud computing systems for certain types of sensitive Defense Department data.
The National Institute of Standards and Technology recently finalized an update to one of two publications that provides a cybersecurity foundation for all of the federal government's information technology systems.
The General Services Administration provided an update on how the Federal Risk and Authorization Management Program is meeting milestones and laid out new deadlines as part of a Dec. 16 press briefing and the release of the program's roadmap.
"There's been some confusion that FedRAMP is GSA, and FedRAMP is the JAB, but really FedRAMP is a program that is governmentwide in nature and has stakeholders across the government," said FedRAMP Director Matt Goodrich. A new plan aims to refocus the program on agency stakeholders and further spread the responsibility for authorizing cloud services.
Two and a half years in, the Federal Risk and Authorization Management Program, which aims to help agencies and departments more quickly and securely procure cloud services, is being adopted in pockets across the federal government, but not always correctly, say General Services Administration officials during a Dec. 16 press briefing.
A review of cloud computing services in the Commerce Department found missing clauses in contractors' agreements to permit reviews of their facilities and operations, as well as lack of compliance with federal security standards.
The Energy Department is falling short in effectively and efficiently purchasing, implementing and managing its cloud computing technologies, an internal audit found.
An internal investigation found that the U.S. Postal Service's cloud computing contracts did not comply with all of the agency's standards.
The FBI is seeking commercial cloud-computing options that can store vast amounts of criminal justice data. In a recent request for information, the bureau said it wants an on-site, infrastructure-as-a-service, "cloud in a box" system to support the Criminal Justice Information Services division in Clarksburg, W.Va., at multiple locations across the country