Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

DISA in Compliance with Cloud Security Standards

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 5 Nov 2014 08:47:46 +0000 (UTC)
http://www.nextgov.com/defense/whats-brewin/2014/11/disa-compliance-cloud-security-standards/98120/

By Bob Brewin
Nextgov.com
November 4, 2014
The Defense Information Systems Agency currently offers its military customers certified cloud computing services from three vendors and has another seven under assessment for compliance with governmentwide security standards, top agency officials told Nextgov.
FedRAMP reviews aim to speed the adoption of cloud deployments across government by allowing cloud services to be vetted once – at a particular security level – and then deployed by a multitude of agencies. Agencies must comply with FedRAMP as a matter of federal policy.
But as noted in a recent review from the Council of Inspectors General on Integrity and Efficiency, neither the FedRAMP program office nor the Joint Authorization Board -- made up of the chief information officers of General Services Administration and the departments of Defense and Homeland Security -- can force agencies to comply with FedRAMP.
The report identified 348 federal commercial cloud contracts with a value of $12 billion as of fiscal 2014. But it did not identify specific agencies that failed to meet certification requirements. 

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: