Guidelines would speed certification of cloud products, services

GSA releases FedRAMP requirements for comment

The General Services Administration is seeking public comment on security requirements designed to speed up the certification and accreditation of cloud computing products and services. In coordination with the Federal CIO Council, GSA released the comprehensive requirements for the Federal Risk and Authorization Management Program today.

FedRAMP is an interagency initiative to provide a governmentwide certification process. The aim is to reduce costs and duplication when multiple agencies attempt to certify products and services for security compliance.

Agency and industry officials have anticipated the release of these security controls for public comment for months as GSA officials talked about their imminent publication at conferences throughout late summer and into the fall.

GSA and the CIO Council are seeking comments from federal agencies, vendors, and the public on process templates, guides, common security requirements, and other in-depth aspects of the program.

Related Coverage:

Thinking of a private cloud? Government gets an expanding choice

The documents are available at the FedRAMP website. Comments will be accepted through 11:59 p.m. Eastern Time on Thursday, Dec. 2. Two information sessions will be held in Washington during the comment period - one for government agencies, and one for vendors, GSA officials said. More information will be available on the FedRAMP site as details for these sessions are finalized.

"By simplifying how agencies procure cloud computing solutions, we are paving the way for more cost-effective and energy-efficient service delivery for the public, while reducing the federal government's data center footprint." Federal CIO Vivek Kundra said in a prepared statement.

"Ensuring data and systems security is one of the biggest and most important challenges for federal agencies moving to the cloud," said David McClure, GSA's associate administrator for citizen services and innovative technologies.

Seeking comment from industry, government and the public will ensure that the FedRAMP requirements maximize security while easing access toward the cloud, McClure said.

The first phase of FedRAMP is expected to be operational in first quarter of fiscal 2011.

Some vendors are already working to ensure that their technology is compliant with FedRAMP. For example, IBM officials are working with the government to certify a Federal Community Cloud the company announced this week.

Two federal agencies have signed on to the Federal Community Cloud so far, and IBM is waiting for the FedRAMP stamp of approval to proceed, said David McQueeney, chief technology officer with IBM’s U.S. Federal division.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected