The General Services Administration provided an update on how the Federal Risk and Authorization Management Program is meeting milestones and laid out new deadlines as part of a Dec. 16 press briefing and the release of the program's roadmap.
"There's been some confusion that FedRAMP is GSA, and FedRAMP is the JAB, but really FedRAMP is a program that is governmentwide in nature and has stakeholders across the government," said FedRAMP Director Matt Goodrich. A new plan aims to refocus the program on agency stakeholders and further spread the responsibility for authorizing cloud services.
Two and a half years in, the Federal Risk and Authorization Management Program, which aims to help agencies and departments more quickly and securely procure cloud services, is being adopted in pockets across the federal government, but not always correctly, General Services Administration officials said during a Dec. 16 press briefing.
The guidance essentially codifies certain actions that have already occurred. For example, in August, Amazon Web Services became the first authorized commercial cloud provider to host sensitive unclassified data for DoD.
The National Institute of Standards and Technology is seeking public comment on a new draft guide that could help government agencies and other organizations make better decisions in choosing the right cloud computing provider for them.
Complex, non-standardized cloud computing service level agreements make it difficult for federal agencies and departments to compare cloud offerings during procurement and to ensure proper execution once work is underway, said a Homeland Security Department official.
Two years after the Defense Department released a strategy to implement cloud computing, several elements have still not been completed, which could potentially result in lost cost savings, decreased effectiveness and lower security, a Dec. 4 audit revealed. The department disagreed with the findings.
System administrators working at federal agencies and departments can minimize the risk associated with running virtualized machines on a single host computer, called a hypervisor, by isolating VMs, controlling access, and managing privileged operations and interactions, according to draft security guidance (pdf) issued by the National Institute of Standards and Technology Oct. 20.
The National Institute of Standards and Technology Oct. 21 published a final version of its U.S. Government Cloud Computing Technology Roadmap (pdf). The document lays out 10 requirements – each accompanied by "priority action plans" and target completion dates – necessary for cloud adoption by the federal government.
A review of cloud computing services in the Commerce Department found missing clauses in contractors' agreements to permit reviews of their facilities and operations, as well as a lack of compliance with federal security standards.