Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
What does finalized FedRAMP plan mean for industry?
Thursday - 12/8/2011, 7:11pm EST
Federal News Radio
The Office of Management and Budget has finally released its cloud-computing security strategy, known as FedRAMP.
Federal Chief Information Officer Steven VanRoekel, who released details of the plan, called the finalized Federal Risk and Authorization Management Program a "first step" in ongoing cloud security.
"We will continue to get feedback, continue to evolve and take the FedRAMP process forward." VanRoekel said.
But how is industry reacting, so far?
Jennifer Kerber, the vice president of homeland security at TechAmerica, an industry group representing technology contractors, joined In Depth with Francis Rose to discuss the finalized FedRAMP plan.
"We're excited the FedRAMP policy is out there," Kerber said. "We look forward to seeing the controls, and we look forward to working with the government on implementing FedRAMP, especially as it's sort of the first step in making cloud easier to deploy and quicker to deploy for low- and moderate-security level programs."
One of the benefits could come in streamlined certification and accreditation, Kerber said, which is now mostly a fragmented, agency-by-agency process.
She cited research showing the government spent $300 million in 2009, alone, on that review process. "And that's on the government side. Industry pays a price for those C&As as well," she added.
"So, if we have a uniform, unified approach to risk management for cloud programs and we could go through and receive an authority to operate across government — so we're not doing it continually all the time — it's a cost-savings to industry and government."
And that, in turn, could help speed the adoption rate of cloud services, Kerber said.
Federal CIO Steven VanRoekel called this approach a "do once, use many" approach. The Defense and Homeland Security Departments, along with the General Services Administration will oversee a governmentwide FedRAMP authorization board, which will issue provisional authority for vendors to operate as well as approve third-party assessment organizations.