Word is that www.fedramp.gov–and even the new, shiny FedRAMP dashboard–are running in a cloud without a FedRAMP ATO. Now, that’s embarrassing. […]
The General Services Administration announced that the Microsoft Dynamics CRM Online Government was issued a Provisional Authority to Operate by the Joint Authorization Board on Sept. 22, the first product to receive one through the new FedRAMP Accelerated program.[…]
The storm clearly has not passed for some big programs run by the General Services Administration, including FedRAMP’s spending of $150,000 in taxpayer money to duplicate an online dashboard capability that had already been developed in the private sector and made available to the government for free….Also, Rep. Will Hurd, R-Texas, is back with another bill aimed at IT modernization.[…]
The General Services Administration on Tuesday released the FedRAMP Readiness Assessment Report, a template that allows cloud service providers to quickly determine whether they are ready to pursue FedRAMP authorization.[…]
Federal agencies can now use cloud computing systems to store their most sensitive, unclassified data, through the recent release of the Federal Risk and Authorization Management Program High Baseline.
“This release allows agencies to use cloud environments for high-impact data, including data that involves the protection of life and financial ruin,” said the FedRAMP announcement.
Less than three months after a wave of negative feedback from industry forced the General Services Administration to revamp the Federal Risk and Authorization Management Program, a new MeriTalk survey shows for the first time that many government IT officials doubt the value of the program in its current form.[…]
FedRAMP Director Matt Goodrich said some Federal agencies may have refused to share a FedRAMP ATO granted to a CSP, but that’s only a small part of the story behind one of the major shortcomings of the FedRAMP program. One theory: It’s not that agencies are refusing to share—it’s that cloud service providers are failing to capture new business.[…]
Third party cloud security auditing firms are worried that new documentation requirements put in place by FedRAMP could open them to significant liability risks.[…]
Two months after a cloud industry advocacy group published a scathing assessment of the Federal government’s cloud computing security certification process and took their concerns to Capitol Hill, the General Services Administration’s FedRAMP announced significant structural changes to the way the government will assess cloud service providers.
A representative of a Federal cloud computing industry advisory group filed a formal complaint this week with the General Services Administration’s inspector general alleging officials from FedRAMP issued veiled threats of retaliation against member companies that publicly voiced concerns about problems with the cloud security certification process.[…]