What does finalized FedRAMP plan mean for industry?
Thursday - 12/8/2011, 7:11pm EST
Federal News Radio
The Office of Management and Budget has finally released its cloud-computing security strategy, known as FedRAMP.
Federal Chief Information Officer Steven VanRoekel, who released details of the plan, called the finalized Federal Risk and Authorization Management Program a "first step" in ongoing cloud security.
"We will continue to get feedback, continue to evolve and take the FedRAMP process forward," VanRoekel said.
But how is industry reacting, so far?
Jennifer Kerber, the vice president of homeland security at TechAmerica, an industry group representing technology contractors, joined In Depth with Francis Rose to discuss the finalized FedRAMP plan.
"We're excited the FedRAMP policy is out there," Kerber said. "We look forward to seeing the controls, and we look forward to working with the government on implementing FedRAMP, especially as it's sort of the first step in making cloud easier to deploy and quicker to deploy for low- and moderate-security level programs."
One of the benefits could come in streamlined certification and accreditation, Kerber said, which is now mostly a fragmented, agency-by-agency process.
She cited research showing the government spent $300 million in 2009, alone, on that review process. "And that's on the government side. Industry pays a price for those C&As as well," she added.
"So, if we have a uniform, unified approach to risk management for cloud programs and we could go through and receive an authority to operate across government — so we're not doing it continually all the time — it's a cost-savings to industry and government."
And that, in turn, could help speed the adoption rate of cloud services, Kerber said.
Federal CIO Steven VanRoekel called this a "do once, use many" approach. The Defense and Homeland Security Departments, along with the General Services Administration, will oversee a governmentwide FedRAMP authorization board, which will issue provisional authority for vendors to operate as well as approve third-party assessment organizations.