6.3: FedRAMP
Encourage public sector reliance upon FedRAMP. Other Information:
One of the obstacles in securing government systems is the bureaucratic hurdle in using affordable and widely deployed commercial
technology. As information technologies shift to a more virtualized infrastructure, the traditional approach of requirements-based
acquisition is too slow and onerous, and therefore fails to address security risks. To address these concerns, cloud computing
and security experts from across the Federal government have collaborated to establish the Federal Risk and Authorization
Management Program. The executive branch must encourage public sector reliance upon FedRAMP. While this process of vendor
security testing and certification does not solve all the problems with shifting government computing to the cloud, it addresses
one of the biggest challenges. The public sector has established standards and requirements for assessors, and begun the process
of certifying and authorizing cloud providers. The largest benefits of the program require widespread buy-in across the government,
as agencies take advantage of products and architectures that have already been approved, without having to go through their
own recertification process. This has the potential to dramatically streamline and simplify acquisition, making government
IT adaptation and evolution cheaper and easier.
Indicator(s):
|
