The General Services Administration late last week released security standards cloud solutions must meet before operating within federal agencies.
The security controls are part of the Federal Risk Authorization and Management Program (FedRAMP) launched by the federal chief information officer in December. FedRAMP is intended to quickly ensure that commercial cloud computing technology meets federal security standards so that agencies can more readily adopt it.
The security requirements, largely based on standards set by the National Institute of Standards and Technology, will apply to information technology systems at the low and moderate security levels. They address issues such as continuous monitoring and vendors notifying system administrators and FedRAMP of any malicious code.
GSA officials will provide more details about FedRAMP and the security controls at a briefing on Wednesday.
Starting next month, GSA will begin releasing documents that detail how the requirements of each security control will be met and how the implementation of each control will be assessed and tested. On Feb. 7, GSA will release the FedRAMP Concepts of Operations.
Fedline » GSA names FedRAMP third party assessors Says:
May 15th, 2012 at 1:00 pm
[...] an approved third party assessment organization, or 3PAO, to validate if they’ve implemented baseline security standards. For years, these security reviews have varied across government and have cost agencies millions of [...]