As of recently, no cloud solution provider has been endorsed by the Federal Risk and Authorization Management Program (FedRAMP). Run by the GSA, FedRAMP is designed to assist in closing costly federal data centers and outsourcing network operations to shared cloud providers, thereby reducing expenditures and increasing technical flexibility. FedRAMP provides a security evaluation that certifies cloud providers in being able to adequately and safely manage electronic federal data. By gaining the FedRAMP approval vendors can offer their cloud services for immediate use in any government agency. However, due to confusion and a slow evaluation process, no vendors have been endorsed by FedRAMP to date.
Setbacks preventing FedRAMP endorsement range from vendors having to expand their cloud security plans to satisfy the government and auditors, as well as nuances involved in the formatting of reports. Most setbacks however have less to do with a vendor’s hardware and software, and rather their accounting standards not adequately meeting government requirements. An additional setback includes the constant technology changes being requested by various federal agencies, which lead to the need for additional security assessments and evaluations, extending the already lengthy evaluation process.
While inspections began in June 2012, Officials have stated that they believe the first endorsements will occur in January 2013.