Home / News / Report: Changes to FedRAMP Standards Could Extend Enforcement Date

Report: Changes to FedRAMP Standards Could Extend Enforcement Date

cloud securityCloud service providers may have leeway until fall to secure their service offerings to agencies before Federal Risk and Authorization Management Program implementation kicks in, Nextgov reported Wednesday.

Frank Konkel writes vendors have been working to get assessed ahead of the June 5 deadline but changes to FedRAMP baseline cloud computing standards in line with National Institute of Standards and Technology revisions to its security and privacy controls for federal information systems may cause delays in enforcement.

“Over the next three months through the end of the fiscal year, it’ll be kind of a slow walk where as long as you’re in the process of making positive movement, you’re moving toward certification,” Maria Horton, CEO of FedRAMP-accredited third-party assessment organization EmeSec, was quoted as saying.

Horton expects “ramped-up investment” from CSPs to start Oct. 1, when NIST SP 800-53 Rev. 4 is due to come out as vendors want to avoid being found out of compliance.

“Folks will be preparing. Their livelihood depends on it,” she said.

Some software as a service and infrastructure as a service companies have achieved authority-to-operate certificates, with several other CSPs granted provisional ATOs, in the two years since FedRAMP’s inception.

Check Also

Conner Prochaska Named DOE Chief Commercialization Officer

Conner Prochaska, former senior advisor and chief of staff for the Advanced Research Projects Agency-Energy, has been named the Energy Department's chief commercialization officer. Prochaska will direct the Office of Technology Transitions, overseeing the national laboratories, DOE program offices and other associated facilities in the U.S., the department said Tuesday.

Leave a Reply

Your email address will not be published. Required fields are marked *