Between six and 20 cloud computing contractors are expected to undergo the first round of FedRAMP testing starting in June, Federal Times reports.Companies that provide services under the General Services Administration’s infrastructure-as-a-service contract will first go through the test.
Vendors who provide email-as-a-service contract will undergo the evaluation second.
Contractors that pass the evaluation will receive clearance to offer products and services to agencies.
The National Institute of Standards and Technology will release updated guidelines in July.
NIST fellow Ron Ross told Federal Times that vendors have a year to comply with those guidelines.
Ross also said current guidelines do not cover insider threats, supply chain and mobile and cloud technologies.
Existing NIST standards require cloud vendors to identify the exact location where federal data is stored and processed and must provide clear contingency plans laid out for terrorist attacks and cyber incidents.
Current NIST standards require cloud vendors who operate low and moderate security level systems to identify where federal data is stored and processed.
Vendors must also provide contingency plans in the event of terrorist attacks and cyber incidents.
All cloud products must have two-factor authentication, requiring system operators to have a password and an identification card before gaining access to infrastructure containing government-owned information.
According to Federal Times, agencies spend nearly $300 million on testing and approving IT systems for federal use.
