Feds Issue First Government-Wide Cloud Services Security Authorization

Grazed from InformationWeek.  Author: J. Nicholas Hoover.

In a bid to accelerate and make more cost-effective the adoption of cloud computing, the federal government Thursday issued the first government-wide security authorization for a cloud computing service as part of the new Federal Risk and Authorization Management Program (FedRAMP).

The FedRAMP program will eventually be a mandatory, common approach to ensuring that cloud computing services meet federal cybersecurity requirements. It will replace the historically agency-by-agency and therefore often duplicative approach to certifying that services meet these requirements. For now, though, almost 19 months after being announced, FedRAMP is still just getting off the ground…



In issuing the authorization on Thursday, the General Services Administration met its goal of finalizing its first security authorization by the end of 2012 and vaulted little-known North Carolina-based government contractor Autonomic Resources LLC, which received the authorization, into the public eye.

The authorization process required Autonomic Resources to implement and thoroughly document its implementation of dozens of required FedRAMP security controls in the vendor’s ARC-P infrastructure-as-a-service offering, and had auditors from cybersecurity consultancy the Veris Group verify and test those controls. The authority to operate granted by GSA serves as proof that Autonomic Resources meets federal cybersecurity requirements for cloud services, and enables any government agency to use ARC-P…

Read more from the source @ http://www.informationweek.com/government/cloud-saas/feds-issue-first-government-wide-cloud-s/240145353