GSA Will Stop Recruiting Cloud Security Testers Until the Fall
March 6, 2013
The government's new program for certifying the safety of browser-based software will not be able to recruit additional testers until the fall, federal officials told Nextgov.
Currently, there are 16 government-approved independent testing firms assessing the security of dozens of cloud provider data centers to make sure they are up to standard. These auditors are part of the Federal Risk and Authorization Management Program, or FedRAMP, which was launched in June to provide agencies one list of preapproved cloudware with all the product certification paperwork completed. That way, interested agencies don’t have to perform redundant security checks, potentially saving as much as $200,000 per certification.
Today, a team of federal security professionals vets the integrity of the auditing firms. In 2011, before FedRAMP was even fully conceived, government officials said they would outsource this work to save money and increase throughput. In February, they began researching private accreditation bodies that could take over the vetting, according to contracting databases.