Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Search Tags: FedRAMP
Vendors wanting to provide cloud services to the government must first receive support from these nine organizations that they are meeting the cloud computing security controls.
GSA, NIST to name the first batch of outside organizations who will test and validate commercial cloud products against baseline security standards in the FedRAMP cloud security program in May. The Joint Authorization Board also will release guidance to industry on how to implement the security requirements in the coming months. FedRAMP still is months from approving its first set of vendors.
Tags: technology , cybersecurity , third party accreditors , cloud computing , NIST , GSA , DoD , DHS , David McClure , David DeVries , Richard Spires , Jared Serbu , AFFIRM , Industry , Cybersecurity Update
Latisys CEO Peter Stevenson explains how his company can help your agency or business move to the cloud.
April 3, 2012
Tags: technology , Peter Stevenson , Latisys , cloud computing , data centers , data collection , compliance , SAS 70 , SSAE 16 , SOC 2 , SOC 3 , regulations , John Gilroy , Federal Tech Talk , ARMATURE
Dave McClure, the associate administrator in the OCSIT, and Kathy Conrad, the principal deputy associate administrator joined In Depth with Francis Rose to discuss the work the office does and the progress on cloud-computing security standards in particular.
The committee charged with assuring cloud computing services meet federal cyber standards under the FedRAMP program will have seven broad responsibilities.
The goal is for agencies to offer on a fee-for-service basis excess cloud capacity. GSA's Dave McClure said financial management, human resources, customer relationship management and geospatial services are some of the possible offerings.
Under the new concept of operations, the interagency board now is letting vendors submit their cloud services for approval without first having to have a contract. The document details three major areas of how the FedRAMP process will work. The program management office will release two other major documents in the coming months to further detail the cloud security process.
The Joint Authorization Board releases specific requirements around each of the security controls for FedRAMP for systems needing low and moderate security levels. GSA and IAC will hold an industry day Wednesday.
Under the cloud security requirements, vendors who want to be third party assessment organizations and cloud service providers must prove they have walled-off the two parts of their company. GSA released details Dec. 8 and held an industry day Dec. 16 for vendors who want to be third-party assessers. GSA expects to release the FedRAMP security controls early in 2012.
"Crawl before you can walk. Walk before you can run." That's how Federal CIO Steve VanRoekel framed his 2012 priorities in his first speech to government IT contractors in Washington. He said agencies would have to do "more with less," but he wanted to emphasize the "more."