Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Search Tags: FedRAMP
Vendors wanting to provide cloud services to the government must first receive support from these nine organizations that they are meeting the cloud computing security controls.
GSA, NIST to name the first batch of outside organizations who will test and validate commercial cloud products against baseline security standards in the FedRAMP cloud security program in May. The Joint Authorization Board also will release guidance to industry on how to implement the security requirements in the coming months. FedRAMP still is months from approving its first set of vendors.
Tags: technology , Cybersecurity , third party accreditors , cloud computing , NIST , GSA , DoD , DHS , David McClure , David DeVries , Richard Spires , Jared Serbu , AFFIRM , industry , Cybersecurity Update
Latisys CEO Peter Stevenson explains how his company can help your agency or business move to the cloud.
April 3, 2012
Tags: technology , Peter Stevenson , Latisys , cloud computing , data centers , data collection , compliance , SAS 70 , SSAE 16 , SOC 2 , SOC 3 , regulations , John Gilroy , Federal Tech Talk , ARMATURE
Dave McClure, the associate administrator in the OCSIT, and Kathy Conrad, the principal deputy associate administrator joined In Depth with Francis Rose to discuss the work the office does and the progress on cloud-computing security standards in particular.
The committee charged with assuring cloud computing services meet federal cyber standards under the FedRAMP program will have seven broad responsibilities.
The goal is for agencies to offer on a fee-for-service basis excess cloud capacity. GSA's Dave McClure said financial management, human resources, customer relationship management and geospatial services are some of the possible offerings.
Under the new concept of operations, the interagency board now is letting vendors submit their cloud services for approval without first having to have a contract. The document details three major areas of how the FedRAMP process will work. The program management office will release two other major documents in the coming months to further detail the cloud security process.
The Joint Authorization Board releases specific requirements around each of the security controls for FedRAMP for systems needing low and moderate security levels. GSA and IAC will hold an industry day Wednesday.
Under the cloud security requirements, vendors who want to be third party assessment organizations and cloud service providers must prove they have walled-off the two parts of their company. GSA released details Dec. 8 and held an industry day Dec. 16 for vendors who want to be third-party assessers. GSA expects to release the FedRAMP security controls early in 2012.
"Crawl before you can walk. Walk before you can run." That's how Federal CIO Steve VanRoekel framed his 2012 priorities in his first speech to government IT contractors in Washington. He said agencies would have to do "more with less," but he wanted to emphasize the "more."