FedRAMP Industry Day
I've been watching the FISMA implementation program and the related Federal Risk and Authorization Management Program (FedRAMP) for quite some time now, and on Friday the 16th of December, 2011, I was lucky enough to be able to attend the FedRAMP Industry Day, hosted by GSA.
Building on the recent announcement of the OMB's FedRAMP Policy memo, which gives the requirements for a standardized program for the security assessment, authorization, and continuous monitoring for cloud products and services, presenters from GSA and NIST described the program, built through a collaboration of several agencies including NIST, GSA, DHS, the DoD, the OMB and others. The program introduces an innovative policy approach to developing trusted relationships between Executive departments and agencies and cloud service providers (CSPs).
My impression of the proposed program is refreshingly good. The evident co-operative philosophy between the agencies, coupled with an outline of a program that described goals aimed at providing the right assurance to those who need it, indicated to me that a lot of active listening has been happening over the past months. Paying attention to lessons learned in the conformance assessment sector, and an emphasis on appropriate standards, have led to the definition of what I hope will be a successful program. An emphasis on the quality of third party assessors from the outset is a good place to start when a program based on trust is being established. It's a shame that not all conformity assessment programs have that same philosophy.
The program should be up and running during the course of 2012, so we won't have to wait too long to see if my prediction is true. Of course I would expect to see a few teething problems, as I would with any new program.
The program has updated the FedRAMP web page recently. FAQs, the OMB policy and the requirements for third party assessor organizations (3PAO) are all to be found here.
- Fiona Pattinson