Government Closes In On Cloud Computing Security Regulations


The White House this week laid out preliminary cloud computing security guidelines as part of the Federal Risk and Authorization Management Program (FedRAMP).

In a 90-page document, the Obama administration drafted the potential security requirements needed to help federal government agencies adopt cloud computing technologies and services and reduce redundant processes. The document, titled "Proposed Security Assessment and Authorization for U.S. Government Cloud Computing," looks to identify security and risk assessment requirements that must be met by in order for the government to move to the cloud.

The Obama administration and Federal CIO Vivek Kundra have said that cloud computing is among the top IT plans within the federal government, but before government-wide adoption begins a common set of security requirements is needed.

In the document, three key cloud computing areas are covered. It offers a list of baseline security controls for cloud computing systems; processes through which authorized cloud systems will be continual monitored; and propose operational approaches for assessments and authorizations of cloud computing systems. The FedRAMP specifications look to put forth a uniform set of requirements to be followed by vendors and contractors. The system will utilize a standardized approach for security authorizations to streamline the cloud procurement process across different agencies.

"As part of the President’s Accountable Government Initiative, we are working to close the IT gap between the private and public sectors, and leverage technology to make government work harder, smarter, and faster for the American people," Kundra said in a statement. "By simplifying how agencies procure cloud-computing solutions, we are paving the way for more cost-effective and energy-efficient service delivery for the public, while reducing the federal government’s data center footprint."

 

Next: Cloud Security Is Big Challenge