Wednesday, June 6th marked the launch of the Federal Risk and Authorization Management Program (FedRAMP) application process for cloud service providers. As required by the Office of Management and Budget, all cloud service offerings must meet FedRAMP requirements when working with Federal agencies.
FedRAMP is a government-wide program providing IT security guidelines and continuous monitoring of cloud services for Federal systems. In an era of cyber-attacks, growing threats of infiltration, and compromised networks, the Federal government is trying to protect systems by standardizing security requirements. As cloud infrastructure becomes more institutionalized across government, FedRAMP invites cloud service providers to apply for this new certification.
The application process is clearly outlined on the GSA FedRAMP website. Cloud service providers, both commercial and government, can begin the application process by hiring a FedRAMP-approved independent third party assessment organization and submitting a package to the review board. Once approved, the private or public cloud provider will undergo continuous monitoring.
The main goals of the program include: promoting the adoption of secure cloud environments, establishing consistent security features across agencies, increase confidence in cloud solutions, and ultimately saving the agencies money on redundant assessments.
In the midst of budget cuts, the FedRAMP assessment process is expected to help agencies do more with less. It is safe to assume the race for cloud service certification is actually a race for IT contracts with Federal agencies. That is to say, once a cloud services provider is certified they will be up-for-grabs for Federal agencies looking for a readily available cloud solution.
The IT community speculates the first applicants will be certified in December 2012, beginning with FISMA low and moderate cloud environments and later moving to FISMA high.
