by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : February 2014
Just as agencies and vendors are starting to get the knack of complying with the Federal Risk and Authorization Manage- ment Program, the General Ser- vices Administration is preparing to revise FedRAMP s baseline stan- dards. GSA solicited public comments last summer on the FedRAMP update and is now revising the stan- dards, which cloud service provid- ers must meet in order to sell to agencies. The changes are based on the revised National Institute of Standards and Technology Special Publication 800-53 released in April 2013. It outlines updated security and privacy controls for federal information systems. The update to FedRAMP s base- line standards will ensure that the security controls stay relevant as cloud computing evolves, a GSA spokesman said. The CIOs at GSA, the Defense Department and the Department of Homeland Security, who lead the FedRAMP Joint Authorization Board, have already reviewed the revised baseline. GSA is now wait- ing for NIST to complete test cases --- likely by March --- before mov- ing forward with the transition. Agencies have until June to ensure that all the cloud service providers they use (or with whom they are in contract negotia- tions) are FedRAMP-approved. The Of ce of Management and Budget s PortfolioStat program is providing insight into the progress agencies are making toward that goal, the GSA spokesman said. However, the process is compli- cated by the fact that agencies are seeking to comply with standards that are still evolving. Kyra Fussell, a senior research analyst at Deltek s GovWin, said agencies and vendors should not be surprised by the revi- sions. "Back when FedRAMP launched, the program of ce explained that changes to the security controls would be driven by [the Federal Information Security Manage- ment Act] and other security stan- dard updates," she said. "Since the FedRAMP security controls lever- aged several documents from NIST, updates to these documents stand to catalyze revisions to those base- line controls." Furthermore, agency managers should be aware that FedRAMP certi cation is not a guarantee of complete security, she added. "The FedRAMP security baseline is set for the FISMA low to moder- FedRAMP: Keeping up with changing cloud security standards BY MICHAEL HARDY Cloud computing continues to evolve and so do the government's security controls, which is making FedRAMP compliance something of a moving target 73% 19% 8% February 2014 FCW.COM 29 ExecTe c h A lingering sense of vulnerability Although the government continues to strengthen cloud computing, a survey of federal, state and local IT professionals by 1105 Media revealed that security remains a key concern. Percent who said the following statements best describe their view of how cloud solutions affect cybersecurity: Source: 1105 Media research study Introduce new cybersecurity weaknesses Improve cybersecurity by simplifying architecture Have no material impact on cybersecurity
March 15, 2014