What does finalized FedRAMP plan mean for industry?
Thursday - 12/8/2011, 7:11pm EST
Federal News Radio
The Office of Management and Budget has finally released its cloud-computing security strategy, known as FedRAMP.
Federal Chief Information Officer Steven VanRoekel, who released details of the plan, called the finalized Federal Risk and Authorization Management Program a "first step" in ongoing cloud security.
"We will continue to get feedback, continue to evolve and take the FedRAMP process forward," VanRoekel said.
But how is industry reacting, so far?
Jennifer Kerber, the vice president of homeland security at TechAmerica, an industry group representing technology contractors, joined In Depth with Francis Rose to discuss the finalized FedRAMP plan.
"We're excited the FedRAMP policy is out there," Kerber said. "We look forward to seeing the controls, and we look forward to working with the government on implementing FedRAMP, especially as it's sort of the first step in making cloud easier to deploy and quicker to deploy for low- and moderate-security level programs."
One of the benefits could come in streamlined certification and accreditation, Kerber said, which is now mostly a fragmented, agency-by-agency process.
She cited research showing the government spent $300 million in 2009, alone, on that review process. "And that's on the government side. Industry pays a price for those C&As as well," she added.
"So, if we have a uniform, unified approach to risk management for cloud programs and we could go through and receive an authority to operate across government — so we're not doing it continually all the time — it's a cost-savings to industry and government."
And that, in turn, could help speed the adoption rate of cloud services, Kerber said.
Federal CIO Steven VanRoekel called this a "do once, use many" approach. The Defense and Homeland Security Departments, along with the General Services Administration, will oversee a governmentwide FedRAMP authorization board, which will issue provisional authority for vendors to operate as well as approve third-party assessment organizations.