DorobekINSIDER: OMB memo lays out the policies to secure cloud computing using FedRAMP
The Office of Management and Budget this morning posted a new memo [PDF or below] by Federal CIO Steven VanRoekel laying out the administration’s initiative for cloud computing security.
Known as FedRAMP — Federal Risk and Authorization Management Program— it is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments.
The memo, titled Security Authorization of Information Systems in Cloud Computing Environments, has been widely anticipated and lays out the administration’s steps toward securing cloud computing.
Earlier this year, at a speech in California, VanRoekel suggested that FedRAMP could become mandatory.
Cloud computing is at the heart of the Obama administration’s key technology initiatives and is a prominent part of the White House 25 point IT reform plan [PDF].