[ISN] Feds Refine Cloud Security Standards

From: InfoSec News <alerts_at_private>
Date: Thu, 12 Jan 2012 03:38:57 -0600 (CST)

By Elizabeth Montalbano
January 10, 2012

The federal CIO Council has released security controls for the new 
agency-wide program that standardizes security requirements for 
cloud-computing products and services, a key move in setting standards 
for cloud security across the federal government.

More than 150 security controls in 16 categories have now been defined 
for the Federal Risk Assessment Program (FedRAMP), which provides common 
security requirements for cloud implementation on specific types of 

FedRAMP also provides ongoing risk assessments and continuous 
monitoring, and carries out government-wide security authorizations for 
vendors providing cloud services and infrastructure that will be posted 
on a public website.

The release of these controls "is the critical first step that to 
successfully launching FedRAMP," as they are the basis for the program's 
standardized approach to the security authorization process for cloud 
products and services, according to a blog post on CIO.gov, the website 
for the CIO Council.


Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
Received on Thu Jan 12 2012 - 01:38:57 PST

This archive was generated by hypermail 2.2.0 : Thu Jan 12 2012 - 01:50:05 PST