GSA Outlines Requirements, Schedule for Cloud Vendor Reviews
January 12, 2012
The first wave of cloud-computing vendors is expected to complete new mandatory security reviews by Oct. 1.
The first reviews under the Federal Risk and Authorization Management Program (FedRAMP) will start by June and should be completed this fiscal year or shortly after, said Katie Lewin, program manager for cloud computing at the General Services Administration. Lewin and other GSA officials spoke at a FedRAMP industry event on Wednesday.
GSA, which manages FedRAMP, released last week more than 100 security requirements cloud vendors will have to meet if they want to provide services to federal agencies. Once FedRAMP begins to conduct vendor reviews on a regular basis, agencies will have two years to ensure that current and future cloud technologies meet the new requirements, which are based on standards set by the National Institute of Standards and Technology.