Century Link, HP and CA Technologies are among the companies with cloud solutions awaiting final approval under a governmentwide security program. Specifically, these companies are working to obtain a Joint Authorization Board Provisional Authorization for a specific cloud offering. That’s basically a seal of approval from an interagency board of chief information officers at the General Services Administration, Homeland Security and Defense departments, acknowledging that companies have met minimum federal standards for securing cloud solutions. See a complete list of companies awaiting JAB approval here. As required by the Federal Risk and Authorization program (FedRAMP), the cloud vendors first hired an independent assessment organization…
Browsing: FedRAMP
Federal officials are working to streamline the government’s security program for cloud products and services. A critical part of the Federal Risk and Authorization Management Program (FedRAMP)mandates that cloud vendors hire a third-party organization to verify they meet federal security requirements. Today, the General Services Administration and the National Institute of Standards and Technology must first approve those third party-organizations, or 3PAOs. Then there’s the task of monitoring the performance of the 3PAOs and recommending whether to renew or revoke their status. In a request for information to industry, GSA asked for input on how to privatize the accreditation process for 3PAOs. As FedRAMP…
CGI Federal this month became the second vendor to complete a new security review process for all federal cloud products and services. The Virginia-based company already provides cloud computing services for several agencies, including the Department of Homeland Security, the General Services Administration and the Environmental Protection Agency. The Federal Risk and Authorization Management Program (FedRAMP) was launched in June to standardize security reviews of commercial cloud products and is housed within GSA. North Carolina-based Autonomic Resources was the first company to receive what’s called a provisional authority to operate from FedRAMP’s joint board of CIOs. The provisional ATO proves a…
North Carolina-based Autonomic Resources last week became the only firm to complete a new security review process for all federal cloud products and services. The Federal Risk and Authorization Management Program (FedRAMP) was launched in June to standardize security reviews of commercial cloud products. The program is housed within the General Services Administration. As part of FedRAMP, a joint board of chief information officers from the Homeland Security and Defense departments and GSA reviewed Autonomic’s cloud offering and whether it met federal security standards. The company had to verify that it met some 300 security requirements, including proof that its…
A program intended to standardize the government’s security certification of cloud products and services is now accepting vendor applications. Starting Wednesday, cloud service providers and agencies can apply to have products and services vetted under the Federal Risk and Authorization program (FedRAMP). The program is managed by the General Services Administration. Companies that already provide cloud technology to agencies under GSA’s Infrastructure-as-a-Service contract will be among the first to have their technology vetted through FedRAMP. Companies on existing government contracts that provide popular cloud services, such as email services, will get priority vetting early on. By June 2014, all cloud…
An initial group of nine organizations has been selected to provide independent security reviews of cloud products and services used in the federal government. As part of the Federal Risk and Authorization program (FedRAMP), expected to launch June 6, vendors must work with an approved third party assessment organization, or 3PAO, to validate if they’ve implemented baseline security standards. For years, these security reviews have varied across government and have cost agencies millions of dollars each year. Approved 3PAOs include (click here for contact information): COACT, Inc. Department of Transportation Enterprise Service Center Dynamics Research Corporation J.D. Biggs and Associates Inc.…
Federal officials have completed two test runs of the government’s new cloud computing assesment program to work out any kinks before the June launch. The General Services Administration, which manages the Federal Risk and Authorization Management Program (FedRAMP), held training sessions for chief information officers from GSA and the Defense and Homeland Security departments to simulate their roles on an interagency review board, said Dave McClure, associate administrator of GSA’s Office of Citizen Services and Innovative Technologies. CIOs reviewed mock security assesments to discuss if they met FedRAMP standards. Starting in June, the interagency board will review companies on GSA’s Infrastructure-as-a-Service contract and others…
As many as 20 cloud computing vendors will be certified for federal use under a new security assessment program when it launches in June. The General Services Administration, which manages the Federal Risk and Authorization Management Program (FedRAMP), has said that companies already providing cloud technology to agencies under GSA’s Infrastructure-as-a-Service contract will be among the first to have their technology vetted through the program. Vendors on GSA’s upcoming Email-as-a-Service contract will also be given priority. After being vetted and meeting any additional standards to ensure security, companies are approved to offer their products and services for sale to agencies.…
The National Institute of Standards and Technology on Tuesday released proposed revisions to its requirements that govern how agencies secure their federal information systems. Proposed changes to Special Publication 800-53, Revision 4, address new challenges that agencies face, including insider threats, supply chain risk, mobile and cloud computing technologies, and other cybersecurity issues and challenges, NIST said in a news release. “The changes we propose in Revision 4 are directly linked to the current state of the threat space — the capabilities, intentions and targeting activities of adversaries — and analysis of attack data over time,” NIST fellow Ron Ross…
The General Services Administration late last week released security standards cloud solutions must meet before operating within federal agencies. The security controls are part of the Federal Risk Authorization and Management Program (FedRAMP) launched by the federal chief information officer in December. FedRAMP is intended to quickly ensure that commercial cloud computing technology meets federal security standards so that agencies can more readily adopt it. The security requirements, largely based on standards set by the National Institute of Standards and Technology, will apply to information technology systems at the low and moderate security levels. They address issues such as continuous monitoring…