On June 22, Pillsbury hosted the first annual Federal Cloud Security Summit, organized by the Washington, DC, chapter of the Cloud Security Alliance (CSA-DC). The keynote address was presented by Sonny Bhagowalia, former Deputy Associate Administrator with the GSA’s Office of Citizen Services and Innovative Technologies and current CIO of the State of Hawaii, and covered the GSA’s efforts and outreach to help drive Vivek Kundra’s 25-Point Plan and “Cloud First” initiative.
Among other things, Mr. Bhagowalia spoke extensively about the Federal Risk and Authorization Program (FedRAMP), its goals, its accomplishments and where it is headed. FedRAMP was created to support the government’s cloud computing initiative and is intended to provide a standard, cross-agency approach to providing the security assessment and authorization for agencies to use the services required under the Federal Information Security Management Act (FISMA). The idea is to facilitate the adoption of cloud computing services by federal agencies by evaluating services offered by vendors on behalf of the agencies. The evaluations are based on a unified risk management process that includes security requirements agreed upon by the federal departments and agencies. Because the services are vetted by the FedRAMP, theoretically each agency does not need to conduct its own risk management program – reducing duplication of effort, the time involved in acquiring services and costs.
A draft of FedRAMP requirements was released for comment in October 2010, and final release of the first version was expected by December 2010. Initially, the comment period was extended through January 2011 and the release delayed until the end of June, but according to this report, the requirements are now expected to be released sometime between August and October.