FCW : October 30, 2013
DrillDown

10 steps toward FedRAMP compliance

After June 2014, agencies can use only cloud service providers that are FedRAMP-compliant. Here's what CSPs must do to get there.

BY BRYAN GRAF

In recent weeks, the BrightLine FedRAMP team has noticed a significant uptick in the number of calls from cloud service providers (CSPs) seeking information on the Federal Risk and Authorization Management Program's assessment processes and services. Moreover, we have noticed that the tone of those calls has changed from curiosity to concern and, in many cases, utter panic. So what is happening?

First, a quick recap: FedRAMP is the federal government's risk and security assessment program for cloud-based services as part of the "cloud-first" initiative and was designed to make the assessment process more efficient by providing a "do once, use many times" framework. The program standardizes the risk assessment process for every federal agency. Prior to FedRAMP, each agency conducted its own risk assessment for each procured cloud service, which led to multiple and redundant security assessments for identical services.

However, now a CSP that completes a FedRAMP assessment and obtains an authority to operate is eligible for procurement by any federal agency (with a few caveats). Therefore, both the cloud-first initiative and FedRAMP have pushed federal agencies to work with third-party CSPs. And those CSPs, based on the Office of Management and Budget's policy memo, must be FedRAMP-compliant by June 2014.

OMB has already begun monitoring federal agencies for the use of non-compliant CSPs through a process called PortfolioStat. After the June 2014 deadline, agencies that are still working with non-compliant CSPs will be subject to a complete IT investment portfolio review by OMB. Agency leaders are realizing that time is running out to buy and implement FedRAMP-compliant systems, and as of today, they have only nine authorized CSPs to choose from.

The number of new and existing CSPs undergoing FedRAMP authorization will only increase in the coming year. But providers and agencies alike would do well to understand just what that process entails.

On the upside, the push for FedRAMP compliance will open a vast new market of agency customers that are required to purchase cloud services. However, the downside is going to be the challenge of CSPs obtaining FedRAMP compliance within a very tight time frame.

I can't stress enough that implementing FedRAMP is no easy task for a CSP, especially one that has not sold services to an agency in the past. It is not a check-the-box exercise that can be done in a month or two, and it is not comparable to an examination under the SSAE 16 or SOC 2 financial report-