FCW : October 15, 2012
ExecTech

Cloud security: A closer look at FedRAMP

BY JOHN MOORE

Security concerns typically provide the chief source of rain for the cloud parade, as worries about data leakage and other cyber maladies have caused federal IT managers to think twice about cloud computing. Indeed, more than 50 percent of respondents to an 1105 Government Information Group survey declared that cloud solutions lack sufficient security.

The government is looking for ways to assuage that anxiety and spark cloud adoption because federal data center consolidation efforts --- not to mention the Obama administration's cloud-first policy --- rely on the technology. Therefore, the Federal Risk and Authorization Management Program (FedRAMP) brings together officials from the General Services Administration, Department of Homeland Security and Defense Department, among others, to provide a standardized approach for determining the security of cloud-based services.

FedRAMP launched in June, and as of mid-September, more than 50 commercial vendors and agencies had submitted initiation requests to FedRAMP's program management office, said Kathy Conrad, principal deputy associate administrator at GSA's Office of Citizen Services and Innovative Technologies. Those requests mark the first step in the FedRAMP security assessment process.

FedRAMP now runs in what the government calls an initial operational capability mode. It is slated for full operational capability in the second quarter of fiscal 2013, based on feedback from the earlier stage.

[Figure: Understanding FedRAMP. Phases: Initiation, Security Assessment, Continuous Monitoring. Labels: Cloud service provider; Initiate request; Document security controls; 3PAO audit/testing; Perform security testing; Finalize security assessment; Develop a plan of action and milestones; Provide continuous monitoring data feeds; Notify US-CERT and agency of security incidents.]

Why it matters

FedRAMP's mission is to establish a uniform process for assessing the security of cloud products and services and thereby boost federal agencies' confidence in the technology.

Paul Nguyen, vice president of cyber solutions at Knowledge Consulting Group, said consistency is one of the program's key benefits. FedRAMP establishes a standard for conducting risk assessments and rigorously certifies the third-party assessment organizations (3PAOs) that will carry out the evaluations based on that standard. At press time, KCG was one of 15 assess-
October 30, 2012