The new security standards process involves taking a single view of IT services offered by vendors to avoid duplicate and isolated risk management reviews by individual departments. The standards are the baseline of decisions on use by the joint authorization board of the Federal Risk and Authorization Management Program (FedRAMP), the initiative set in place in December to foster cloud deployments at the government level.
Controls were culled from input by commercial and government entities on focus on unique elements in cloud contract and offering requirements, such as multi-tenancy, infrastructure oversight and shared resource pooling, according to a federal news release. The new standards also reflect National Institute of Standards in Technology rules on the cloud for low and moderate impact data systems.
In the next few months, the federal CIO office said it has also scheduled the release of a FedRAMP operations concept from the General Services Administration, which will provide more detail for departments and cloud providers to meet these and other federal requirements.
Expansion of cloud adoption across governmental departments is part of the ongoing 18-month federal CIO vision, as well as an emphasis for innovation and growth from Federal CIO Steven VanRoekel.
For more detail on the plan, click here. Questions and concerns on the plan can be emailed here.
Justin Kern is senior editor at Information Management and can be reached at justin.kern@sourcemedia.com. Follow him on Twitter at @IMJustinKern.
