Page 2 of 2
According to the General Services Administration (GSA), which helped draft the document, FedRAMP was established to provide a standard approach to assessing and authorizing cloud computing services and products and to allow joint authorizations and continuous security monitoring services for government and commercial cloud systems intended for multiagency use. Using joint authorizations will enable a common security risk model that can be leveraged across the federal government to create a consistent baseline for cloud-based technologies, the GSA said.
"Ensuring data and systems security is one of the biggest and most important challenges for federal agencies moving to the cloud," David McClure, GSA's Associate Administrator for Citizen Services and Innovative Technologies, said in a statement. "FedRAMP's uniform set of security authorizations can eliminate the need for each agency to conduct duplicative, time-consuming, costly security reviews."
The GSA and the Chief Information Officers Council are seeking public comment on the guidelines and requirements by December 3.
The drafted security requirements follows a May plea by Kundra for standards around security, interoperability and data portability before the U.S. government can fully embrace cloud computing. At that time, Kundra said that for the cloud to truly take hold in the government the feds must develop standards to avoid inefficiencies and security holes.
"What's important today is the [development of standards] in the area of security, interoperability and data portability" to ensure information is protected; clouds and the computer applications they support can work together; and content can be moved within and among different clouds without jeopardizing access to or integrity of the data, Kundra said during his keynote speech at the Cloud Computing Forum and Workshop hosted by the National Institute of Standards and Technology (NIST).