Topic:

Cloud Computing

Latest Headlines

Latest Headlines

FedRAMP milestone update: CSPs compliant with new NIST controls and 'high' security baseline coming

The General Services Administration provided an update on how the Federal Risk and Authorization Management Program is meeting milestones and laid out new deadlines as part of a Dec. 16 press briefing and the release of the program's roadmap. 

GSA wants agencies to have a greater hand in FedRAMP, outlines 2-year strategy

"There's been some confusion that FedRAMP is GSA, and FedRAMP is the JAB, but really FedRAMP is a program that is governmentwide in nature and has stakeholders across the government," said FedRAMP Director Matt Goodrich. A new plan aims to refocus the program on agency stakeholders and further spread the responsibility for authorizing cloud services.

Agencies not always leveraging FedRAMP correctly in cloud contract language, say GSA officials

Two and a half years in, the Federal Risk and Authorization Management Program, which aims to help agencies and departments more quickly and securely procure cloud services, is being adopted in pockets across the federal government, but not always correctly, say General Services Administration officials during a Dec. 16 press briefing.

DoD allows vetted commercial cloud services for sensitive unclassified data, updated guidance says

The guidance essentially codifies certain actions that have already occurred. For example, in August, Amazon Web Services became the first authorized commercial cloud provider to host sensitive unclassified data for DoD.

Public comment sought on NIST draft on developing metrics to select cloud providers

The National Institute of Standards and Technology is seeking public comment on a new draft guide that could help government agencies and other organizations make better decisions in choosing the right cloud computing provider for them.

Standardized cloud SLAs needed, says DHS official

Complex, non-standardized cloud computing service level agreements make comparing cloud offerings during procurement and ensuring proper execution once work is underway difficult for federal agencies and departments, said a Homeland Security Department Official.

DoD not fully implementing cloud computing, not realizing full benefits, IG finds

Two years after the Defense Department released a strategy to implement cloud computing, several elements have still not been completed that could potentially result in lost cost savings, decreased effectiveness and lower security – findings that the department disagreed with, a Dec. 4 audit revealed.

Isolate, control, manage hypervisor environments, says NIST

System administrators working at federal agencies and departments can minimize the risk associated with running virtualized machines on a single host computer, called a hypervisor, by isolating VMs, controlling access, and managing privileged operations and interactions, according to draft security guidance (pdf) issued by the National Institute of Standards and Technology Oct. 20.

Final NIST cloud roadmap sets 'action plans' for gov't cloud adoption

The National Institute of Standards and technology Oct. 21 published a final version of its U.S. Government Cloud Computing Technology Roadmap (pdf). The document lays out 10 requirements – each accompanied by "priority action plans" and target completion dates – necessary for cloud adoption by the federal government.

Commerce IG: Cloud service contracts lack needed clauses, security standards not met

A review of cloud computing services in the Commerce Department found missing clauses in contractors' agreements to permit reviews of their facilities and operations, as well as lack of compliance with federal security standards.