http://www.nextgov.com/cloud-computing/2013/03/gsa-will-stop-recruiting-cloud-security-testers-until-fall/61697/ By Aliya Sternstein Nextgov March 6, 2013 The government's new program for certifying the safety of browser-based software will not be able to recruit additional testers until the fall, federal officials told Nextgov. Currently, there are 16 government-approved independent testing firms assessing the security of dozens of cloud provider data centers to make sure they are up to standard. These auditors are part of the Federal Risk and Authorization Management Program, or FedRAMP, which was launched in June to provide agencies one list of preapproved cloudware with all the product certification paperwork completed. That way, interested agencies don’t have to perform redundant security checks, potentially saving as much as $200,000 per certification. Today, a team of federal security professionals vets the integrity of the auditing firms. In 2011, before FedRAMP was even fully conceived, government officials said they would outsource this work to save money and increase throughput. In February, they began researching private accreditation bodies that could take over the vetting, according to contracting databases. The planned privatization of the "accreditation function will result in a pause in accepting new applications," Jackeline Stewart, a spokeswoman for the General Services Administration, the government’s purchasing division, said in an email. The length of the hiatus depends on the time it takes to conduct a fair competition and then shift responsibilities, she added. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Wed Mar 06 2013 - 22:37:03 PST
This archive was generated by hypermail 2.2.0 : Wed Mar 06 2013 - 22:26:25 PST