Get ready to push some paper for cloud moves

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/nextgov/ng_20120112_1956.php

By Aliya Sternstein
Nextgov
01/12/2012

A critical part of a fast-track strategy that allows agencies to 
digitally borrow each other's cloud security guarantees will not be 
available when the operation gets under way this summer, federal 
officials told Nextgov.

The mantra of the new effort, called the Federal Risk and Authorization 
Management Program, or FedRAMP, is "Do once; use many times," meaning a 
department can go through the arguably arduous process of authorizing a 
Web-based service and then many other departments can sponge off that 
work to deploy the tool more quickly. The General Services 
Administration, which manages the program, plans for the certifications 
to be accessible through a central online clearinghouse.

But there are fears that a database containing vulnerability assessments 
for the entire federal cloud could be an attractive target for hackers, 
GSA officials acknowledge.

"It's largely going to be a paper-based process at the beginning because 
we won't have the bandwidth up in time," GSA Associate Administrator 
Dave McClure said in an interview. Independent auditors are scheduled to 
start generating the FedRAMP assessments in June.

Currently, government contractors, including Microsoft, often hand 
deliver assessments out of caution. McClure said officials have not 
built the repository yet, but based on feedback from agencies and cloud 
service providers they know access constraints will factor into the 
construction.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn