Feds Refine Cloud Security Standards

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/news/government/security/232400086

By Elizabeth Montalbano
InformationWeek
January 10, 2012

The federal CIO Council has released security controls for the new 
agency-wide program that standardizes security requirements for 
cloud-computing products and services, a key move in setting standards 
for cloud security across the federal government.

More than 150 security controls in 16 categories have now been defined 
for the Federal Risk Assessment Program (FedRAMP), which provides common 
security requirements for cloud implementation on specific types of 
systems.

FedRAMP also provides ongoing risk assessments and continuous 
monitoring, and carries out government-wide security authorizations for 
vendors providing cloud services and infrastructure that will be posted 
on a public website.

The release of these controls "is the critical first step that to 
successfully launching FedRAMP," as they are the basis for the program's 
standardized approach to the security authorization process for cloud 
products and services, according to a blog post on CIO.gov, the website 
for the CIO Council.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn