The long-anticipated guidance regarding how contractors can provide the federal government cloud solutions was unveiled Thursday after nearly two years of being in the works.
Federal Chief Information Officer Steven VanRoekel issued a policy memo detailing how agencies will use the Federal Risk and Authorization Management Program, or FedRAMP, to assess and authorize cloud computing services and products. Beginning in June, agencies must begin using FedRAMP when purchasing cloud services.
FedRAMP is designed to be a baseline for agencies and contractors as it establishes a uniform set of security controls, allowing quicker certification of cloud products and services.
“This approach uses a ‘do once, use many times’ framework that will save cost, time, and staff required to conduct redundant agency security assessments so no one has to reinvent the wheel,” VanRoekel said in a White House blog post.
A joint authorization board of the Defense and Homeland Security departments and the General Services Administration will soon issue separate guidelines for contractors on how they can get their cloud products and services authorized under the FedRAMP process, according to the Washington Business Journal.