[ISN] GSA Will Stop Recruiting Cloud Security Testers Until the Fall

From: InfoSec News <alerts_at_private>
Date: Thu, 7 Mar 2013 00:37:03 -0600 (CST)

By Aliya Sternstein
March 6, 2013

The government's new program for certifying the safety of browser-based 
software will not be able to recruit additional testers until the fall, federal 
officials told Nextgov.

Currently, there are 16 government-approved independent testing firms assessing 
the security of dozens of cloud provider data centers to make sure they are up 
to standard. These auditors are part of the Federal Risk and Authorization 
Management Program, or FedRAMP, which was launched in June to provide agencies 
one list of preapproved cloudware with all the product certification paperwork 
completed. That way, interested agencies don’t have to perform redundant 
security checks, potentially saving as much as $200,000 per certification.

Today, a team of federal security professionals vets the integrity of the 
auditing firms. In 2011, before FedRAMP was even fully conceived, government 
officials said they would outsource this work to save money and increase 
throughput. In February, they began researching private accreditation bodies 
that could take over the vetting, according to contracting databases.

The planned privatization of the "accreditation function will result in a pause 
in accepting new applications," Jackeline Stewart, a spokeswoman for the 
General Services Administration, the government’s purchasing division, said in 
an email. The length of the hiatus depends on the time it takes to conduct a 
fair competition and then shift responsibilities, she added.


Received on Wed Mar 06 2013 - 22:37:03 PST
