If you are an IT government contractor – this is for you! Cloud Service Providers (CSPs) are required to be FedRAMP certified by June 2014. Current deployments of cloud-based services in use by Federal agencies must be compliant with FedRAMP guidelines by June 2014. Commercial providers that offered cloud-based services to the Federal government or in the acquisition process prior to June 5, 2012, must have a FedRAMP P-ATO. Government agencies have to move one system to a cloud provider within 12 months of project start, and two more systems within 18 months of launch, by the end of 2015.
FedRAMP is the federal security authorization process for CSPs which standardizes the cloud risk assessment process for every Federal agency. There are currently only nine authorized CSPs, but that number is expected to grow as the deadline approaches. In March of 2012 the Office of Management and Budget (OMB) initiated PortfolioStat, which authorized OMB to monitor Federal agencies IT portfolio for non-compliant CSPs. After the June 2014 deadline, agencies that are still working with non-compliant CSPs will be subject to a complete IT portfolio review by OMB.
Implementing FedRAMP is a complex task, and does not fit the “check-the-box” standard form process. This is a process that requires not only time and resources, but a “buy-in” from the management team. While the process is daunting, the enforcement of FedRAMP will open a whole new market for CSPs and agencies. However, the current challenge for CSPs is the clock that is ticking away closer and closer toward the June 2014 deadline. For any CSP considering FedRAMP, be aware that this process takes a minimum of six months which is why it is pertinent that you begin the process now.
Important Steps when considering FedRAMP:
For more information on the FedRAMP deadline and how to start the certification process, contact us for help!