Home / News / Will GSA Tweak Cloud FedRAMP Requirements?

Will GSA Tweak Cloud FedRAMP Requirements?

Photo: free-photos-pictures.com

The Obama administration is taking criticism of its cloud-computing security requirements to heart and may considering making changes, according to a report on Nextgov.

The Federal Risk and Authorization and Management Program, known as FedRAMP, is designed to create security standards for the federal government’s use of the cloud; the feds would like to deploy it by the summer.

David LeDuc, director of public policy at the Software and Information Industry Association, told Nextgov, the government’s goal is “aggressive,” but “achievable,” as long as “they take it in the right direction.”

So what is the right direction? Software designers say the first step is leaving the “one-size-fits-all approach” behind.

In public comments earlier this month, SIIA said the proposed requirements “are, in many cases, overly prescriptive and not sufficiently vendor neutral, nor do they effectively differentiate between the three basic cloud functions.”

Now, according to Nextgov, the General Services Administration is taking a long, hard look the requirements.

“We are working collaboratively with government and industry experts to explore the potential merits of moving toward a performance-based security assessment process, especially for technical security controls,” said GSA spokeswoman Sara Merriam. “The FedRAMP requirements must facilitate the trust required between agencies and industry to work toward proactive cloud computing adoption in support of the administration’s cloud-first policy.”

Check Also

DARPA Launches Program Seeking High Performance Computing for Military Simulators

The Defense Advanced Research Projects Agency launched a new program to improve how virtual training environments replicate real-world interactions and host more complex systems. DARPA unveiled Monday that the Digital RF Battlespace Emulator program intends to build a new breed of High Performance Computing capable of supporting advanced radio frequency for simulators. 


  1. FedRAMP may be a good starting point for facilitating cloud computing processes, but there are a number of security concerns that need to be recognized. Some critics argue that FedRAMP does not provide enough application security oversight, which is a reason for concern as in recent years, application attacks have surpassed system-level attacks.

    At ccskguide.org, we take a look at the security issues around cloud computing and help prepare candidates for the CCSK Cloud Security Certification. Check out our blog post on FedRAMP:

  2. I’m wondering what your feelings are on cellular antivirus software. To me it’s very difficult to declare that there is a mobile phone problem that needs to be resolved. Maybe that is the reason why the market hasn’t grown in any way.

Leave a Reply

Your email address will not be published. Required fields are marked *