Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Search Tags: FedRAMP
Dave McClure, the associate administrator in the OCSIT, and Kathy Conrad, the principal deputy associate administrator joined In Depth with Francis Rose to discuss the work the office does and the progress on cloud-computing security standards in particular.
The committee charged with assuring cloud computing services meet federal cyber standards under the FedRAMP program will have seven broad responsibilities.
The goal is for agencies to offer on a fee-for-service basis excess cloud capacity. GSA's Dave McClure said financial management, human resources, customer relationship management and geospatial services are some of the possible offerings.
Under the new concept of operations, the interagency board now is letting vendors submit their cloud services for approval without first having to have a contract. The document details three major areas of how the FedRAMP process will work. The program management office will release two other major documents in the coming months to further detail the cloud security process.
The Joint Authorization Board releases specific requirements around each of the security controls for FedRAMP for systems needing low and moderate security levels. GSA and IAC will hold an industry day Wednesday.
Under the cloud security requirements, vendors who want to be third party assessment organizations and cloud service providers must prove they have walled-off the two parts of their company. GSA released details Dec. 8 and held an industry day Dec. 16 for vendors who want to be third-party assessers. GSA expects to release the FedRAMP security controls early in 2012.
"Crawl before you can walk. Walk before you can run." That's how Federal CIO Steve VanRoekel framed his 2012 priorities in his first speech to government IT contractors in Washington. He said agencies would have to do "more with less," but he wanted to emphasize the "more."
OMB sets a six-month deadline for initial capabilities to be ready. Along with the cloud security standards and process, the administration highlighted other accomplishments on the one-year anniversary of the 25-point IT Reform plan. The White House said a new draft shared services strategy will focus on commodity IT services.
Office of Management and Budget Director Jacob Lew has approved the cloud security memo and guidance, known as FedRAMP, pushing it to the brink of public release, Federal News Radio has learned. Multiple sources confirmed Lew approved the documents before Thanksgiving and OMB could issue the memo and guidance as early as next week.
The Homeland Security Department and NASA moving to the cloud to support mission needs and reduce the cost and effort to support back-office systems. Federal Chief Information Officer Steven VanRoekel said he is focusing on four areas of cloud: agencies, procurement, international and cybersecurity.