Government Closer to Universal Cloud-Computing Security Assessment and Authorization Program
GSA-led team releases FedRAMP requirements for public comment.
GSA # 10692
November 2, 2010
Contact: Sara Merriam, (202) 501-9139
WASHINGTON — In a major step toward governmentwide adoption of cloud computing services, the U.S. General Services Administration today, in coordination with the Federal Chief Information Officers Council, released comprehensive requirements for the Federal Risk and Authorization Management Program, or FedRAMP, for public comment. FedRAMP will reduce redundant processes across government by providing security authorizations and continuous monitoring of cloud systems that can be leveraged by agencies to streamline their security process while providing highly effective security services.
“As part of the President’s Accountable Government Initiative, we are working to close the IT gap between the private and public sectors, and leverage technology to make government work harder, smarter, and faster for the American people,” said Federal CIO Vivek Kundra. “By simplifying how agencies procure cloud-computing solutions, we are paving the way for more cost-effective and energy-efficient service delivery for the public, while reducing the federal government’s data center footprint.”
FedRAMP was established to provide a standard approach to assessing and authorizing cloud-computing services and products. FedRAMP allows joint authorizations and continuous security monitoring services for government and commercial cloud-computing systems intended for multiagency use. Joint authorizations of cloud providers will result in a common security risk model that can be leveraged across the federal government, ensuring a consistent baseline for cloud-based technologies.
“Ensuring data and systems security is one of the biggest and most important challenges for federal agencies moving to the cloud,” said David McClure, GSA’s Associate Administrator for Citizen Services and Innovative Technologies. “FedRAMP’s uniform set of security authorizations can eliminate the need for each agency to conduct duplicative, time-consuming, costly security reviews. Going out for public comment, leveraging knowledge from industry, government, and the public, ensures our requirements maximize security while easing access toward the cloud.”
GSA, along with the CIO Council, is seeking comments from federal agencies, vendors, and the public on process templates, guides, common security requirements, and other in-depth aspects of the program. The documents are available at www.FedRAMP.gov and comments will be accepted through 11:59 p.m. Eastern time on Thursday, Dec. 2. Two information sessions will be held during the comment period in Washington – one for government agencies, and one for vendors. More information will be available on www.FedRAMP.gov as details for these sessions are finalized. The first phase of FedRAMP is expected to be operational in the first quarter of calendar year 2011.
As the federal government's workplace solutions provider, the U.S. General Services Administration works to foster an effective, sustainable and transparent government for the American people. GSA’s expertise in government workplace solutions includes:
• Effective management of government assets including more than 9,600 government-owned or leased buildings and 210,000 vehicles in the federal fleet, and preservation of historic federal properties;
• Leveraging the government’s buying power through responsible acquisition of products and services making up more than 11 percent of the government’s total procurement dollars;
• Providing innovative technology solutions to enhance government efficiency and increase citizen engagement; and,
• Promoting responsible use of federal resources through development of governmentwide policies ranging from federal travel to property and management practices.