FCW : November and December 2014
Trending: 110 million stolen credentials were traded by criminals in 2014, credit agency Experian estimates

Matthew Goodrich on the future of FedRAMP

As acting director of the General Services Administration’s Federal Risk and Authorization Management Program, Matthew Goodrich is tasked with both enabling and encouraging agencies to embrace the standardized governmentwide framework for cloud security. FCW’s Mark Rockwell spoke with Goodrich about the progress to date and the outlook for 2015. Below is an excerpt of that conversation. For more from this interview, go to is.gd/FCW_FedRAMP15.

What are the priorities for FedRAMP in 2015?

In the next six months, you’ll see a two-year road map that will highlight our priorities over the next six, 12, 18 and 24 months. One of our key focus items is going to be making sure that we engage with agencies much more directly and help them complete and achieve more FedRAMP [authorities to operate] and make sure they’re FedRAMP-compliant.

You’ll also see us publish a lot more guidance, education and training modules for our stakeholders — first in a more generic, open-to-everybody manner and then more directed at specific stakeholder groups as we continue to expand the knowledge base and training.

You’ll also see us focus on the efficiencies of the program, incorporating lessons learned back into our documentation. Also, we’re looking at how effectively we’re using our [third-party assessment organizations’] work product to cut down some of our review cycles based on the quality of the products they’ve delivered to us, as well as aligning cloud providers with the most appropriate path for them to get authorization, whether that’s the Joint Authorization Board, through the agency or directly through the [cloud service providers]. We will continue to grow, mature and adapt the program.

We’ll continue to work with the [Continuous Diagnostics and Mitigation] program at [the Department of Homeland Security], so that we’re aligned as we move forward. We’ll also work with the [Trusted Internet Connections] program, as well as finally beginning to address the high [security] baseline that our stakeholders have been asking for for a while.

There has been criticism of the FedRAMP process as burdensome and prone to bottlenecks. How would you respond?

That’s why we’re trying to engage with our agencies more directly so they understand the process and the intent behind it.

FedRAMP didn’t intend to change the processes by which agencies authorize IT systems. We wanted to ensure that agencies did it consistently between one agency to another so the federal government had a standardized way to assess risk in a cloud environment [and] so agencies could reuse it.

In making sure agencies fully understand what it means to be FedRAMP-compliant, I still think there is some confusion out there about what it takes to do that and the varying levels of review.

Would you say FedRAMP is living up to its potential?

I think where we are at two-and-a-half years, absolutely. There’s always room for growth, and we’re excited to continue on the path that we’ve made.