The General Services Administration has issued a transition plan to prepare cloud service providers for the new security standards to be released in June under the Federal Risk and Authorization Management Program, Nextgov reported Tuesday.
Frank Konkel writes the changes are based on the National Institute of Standards and Technology’s fourth revision of its Special Publication 800-53 on security controls for federal information systems.
“This is a matter of communicating with providers, being transparent and letting people know what we’re doing,” said Maria Roat, FedRAMP director, according to the report.
GSA partnered with the Department of Homeland Security and Defense Department to communicate the updates.
Konkel reports the GSA plan provides guidance on the implementation of new baseline standards, assessment against current standards and testing of security controls depending on the CSP’s authorization or accreditation status.