by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 15, 2012
26 October 15, 2012 FCW.COM Cloud security: A closer look at FedRAMP BY JOHN MOORE Security concerns typically provide the chief source of rain for the cloud parade, as worries about data leakage and other cyber maladies have caused federal IT managers to think twice about cloud computing. Indeed, more than 50 percent of respondents to an 1105 Government Information Group survey declared that cloud solutions lack suf cient security. The government is looking for ways to assuage that anxiety and spark cloud adoption because federal data center consolidation efforts --- not to mention the Obama administration s cloud- rst policy --- rely on the technol- ogy. Therefore, the Federal Risk and Authorization Management Program (FedRAMP) brings together of cials from the General Services Administra- tion, Department of Homeland Security and Defense Department, among oth- ers, to provide a standardized approach for determining the security of cloud- based services. FedRAMP launched in June, and as of mid-September, more than 50 commercial vendors and agencies had submitted initiation requests to FedRAMP s program management of ce, said Kathy Conrad, principal deputy associate administrator at GSA s Of ce of Citizen Services and Innova- tive Technologies. Those requests mark the rst step in the FedRAMP security assessment process. FedRAMP now runs in what the government calls an initial operation- al capability mode. It is slated for full operational capability in the second quarter of scal 2013, based on feed- back from the earlier stage. ExecTe c h INITIATION SECURITY ASSESSMENT CONTINUOUS MONITORING Understanding FedRAMP Provide continuous monitoring data feeds Cloud service provider Why it matters FedRAMP s mission is to establish a uniform process for assessing the security of cloud products and serv- ices and thereby boost federal agen- cies con dence in the technology. Paul Nguyen, vice president of cyber solutions at Knowledge Consult- ing Group, said consistency is one of the program s key bene ts. FedRAMP establishes a standard for conducting risk assessments and rigorously certi- es the third-party assessment organi- zations (3PAOs) that will carry out the evaluations based on that standard. At press time, KCG was one of 15 assess- Finalize security assessment Perform security testing 3PAO audit/testing Document security controls Initiate request Notify US-CERT and agency of security incidents Develop a plan of action and milestones
October 30, 2012