Guidelines would speed certification of cloud products, services

GSA releases FedRAMP requirements for comment

The General Services Administration is seeking public comment on security requirements designed to speed up the certification and accreditation of cloud computing products and services. In coordination with the Federal CIO Council, GSA released the comprehensive requirements for the Federal Risk and Authorization Management Program today.

FedRAMP is an interagency initiative to provide a governmentwide certification process. The aim is to reduce costs and duplication when multiple agencies attempt to certify products and services for security compliance.

Agency and industry officials have anticipated the release of these security controls for public comment for months as GSA officials talked about their imminent publication at conferences throughout late summer and into the fall.

GSA and the CIO Council are seeking comments from federal agencies, vendors, and the public on process templates, guides, common security requirements, and other in-depth aspects of the program.

Related Coverage:

Thinking of a private cloud? Government gets an expanding choice

The documents are available at the FedRAMP website. Comments will be accepted through 11:59 p.m. Eastern Time on Thursday, Dec. 2. Two information sessions will be held in Washington during the comment period - one for government agencies, and one for vendors, GSA officials said. More information will be available on the FedRAMP site as details for these sessions are finalized.

"By simplifying how agencies procure cloud computing solutions, we are paving the way for more cost-effective and energy-efficient service delivery for the public, while reducing the federal government's data center footprint." Federal CIO Vivek Kundra said in a prepared statement.

"Ensuring data and systems security is one of the biggest and most important challenges for federal agencies moving to the cloud," said David McClure, GSA's associate administrator for citizen services and innovative technologies.

Seeking comment from industry, government and the public will ensure that the FedRAMP requirements maximize security while easing access toward the cloud, McClure said.

The first phase of FedRAMP is expected to be operational in first quarter of fiscal 2011.

Some vendors are already working to ensure that their technology is compliant with FedRAMP. For example, IBM officials are working with the government to certify a Federal Community Cloud the company announced this week.

Two federal agencies have signed on to the Federal Community Cloud so far, and IBM is waiting for the FedRAMP stamp of approval to proceed, said David McQueeney, chief technology officer with IBM’s U.S. Federal division.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.