What does finalized FedRAMP plan mean for industry?
Thursday - 12/8/2011, 7:11pm EST
Federal News Radio
The Office of Management and Budget has finally released its cloud-computing security strategy, known as FedRAMP.
Federal Chief Information Officer Steven VanRoekel, who released details of the plan, called the finalized Federal Risk and Authorization Management Program a "first step" in ongoing cloud security.
"We will continue to get feedback, continue to evolve and take the FedRAMP process forward," VanRoekel said.
But how is industry reacting, so far?
Jennifer Kerber, the vice president of homeland security at TechAmerica, an industry group representing technology contractors, joined In Depth with Francis Rose to discuss the finalized FedRAMP plan.
"We're excited the FedRAMP policy is out there," Kerber said. "We look forward to seeing the controls, and we look forward to working with the government on implementing FedRAMP, especially as it's sort of the first step in making cloud easier to deploy and quicker to deploy for low- and moderate-security level programs."
One of the benefits could come in streamlined certification and accreditation, Kerber said, which is now mostly a fragmented, agency-by-agency process.
She cited research showing the government spent $300 million in 2009, alone, on that review process. "And that's on the government side. Industry pays a price for those C&As as well," she added.
"So, if we have a uniform, unified approach to risk management for cloud programs and we could go through and receive an authority to operate across government — so we're not doing it continually all the time — it's a cost-savings to industry and government."
And that, in turn, could help speed the adoption rate of cloud services, Kerber said.
Federal CIO Steven VanRoekel called this a "do once, use many" approach. The Defense and Homeland Security Departments, along with the General Services Administration, will oversee a governmentwide FedRAMP authorization board, which will issue provisional authority for vendors to operate as well as approve third-party assessment organizations.