Single Standard For Cloud-Computing Services

Single Standard For Cloud-Computing Services

The Federal Risk and Authorization Management Program, also known as FedRAMP, is adopting a “cloud-first” policy that will standardize the basic security requirements that cloud-computing providers, such as Google and Microsoft, will have to meet before receiving government contracts. Third-party assessment organizations will be hired to verify whether companies meet the basic security requirements.

This change is aimed to improve IT procurement and comes as the government is in the process of transferring computer services, such as e-mails, to cloud-based systems. Technology programs have been shut down in the last months because they have been running over budget and behind schedule, so fixing IT is a priority. The main goal is to build a security framework where the rules and policies are applied consistently across multiple projects.

How will this program work?

This initiative will standardize the security of cloud products and services and accelerate their adoption. The purpose is to set one government-wide cloud security program, meaning that a vendor would not have to repeat the security approval process every time it wants to bid on a cloud-computing contract.

A list with accredited third-party assessment organizations is available for vendors to help them authenticate more than 160 security controls, including spam filter capabilities and encryption standards.

What are the benefits of the program?

  • The process will reduce the redundancy of multiple agencies evaluating the same cloud product. For companies, the time to sell to the government will be shorter.
  • Increases re-use of existing security assessments across agencies.
  • Saves significant cost, time and resources.
  • Enhances transparency between government and cloud service providers (CSPs).
  • Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process.

The program is managed by the General Services Administration, as part of the Department of Homeland Security. You can read more about FedRamp at this GSA page:
If it brings the standards that everyone awaits in cloud computing, it will be a great win, both for CSPs working in the government projects and the entire industry. In time, we will see if this is a good initiative or not. What do you think?

By Rick Blaisdell / RicksCloud

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Sponsor Programs
Cloud Thought Leaders And Contributors

Write For Us - Find Out More!

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.