Alex Grohmann and John Dyson from the Northern Virginia Chapter of the Informations Systems Security Association, join host John Gilroy to talk about what you can do to make your agency more secure. July 9, 2013
HHS approves Amazon Web Services for meeting security requirements under the Federal Risk Authorization Management Program. The company's secure documents are available for other agencies to review to help accelerate their move to the cloud.
FedRAMP and other initiatives are helping CIOs become more comfortable with securing data and applications in the cloud. But changing the way agencies buy, manage and oversee technology is a bigger roadblock in moving systems to the cloud.
Cancellations of in-person meetings press DoD's Web conferencing system past its limits. The Defense Information Systems Agency will complete upgrades by Feb. 15.
News and buzz in the acquisition and IT communities that you may have missed this week.
After the Federal Risk and Authorization Management Program (FedRAMP) certified the first cloud-computing services company last month, the General Services Administration is predicting a steady wave of new approvals later this year. The length of time it has taken the initial 78 companies or products in the FedRAMP pipeline to gain approval is a testament to the rigorous process, said Dave McClure, GSA's associate administrator in the Office of Citizen Services and Innovative Technologies.
FedRAMP is reviewing six applications from vendors and plans on awarding at least three with the authority to operate by the end of the year. GSA's Kathy Conrad said a survey identified more than 80 opportunities for cloud services. GSA to hold FedRAMP webinar tomorrow.
The agency plans to release solicitations to help agencies implement sensors to detect threats, followed by industry-provided services to analyze them. Congress approved $183 million to begin in 2013 to help get continuous monitoring off the ground more quickly.
The General Services Administration has announced it has authorized 12 companies as third party assessment organizations for FedRAMP and will will assure cloud services providers meet security requirements.
Homeland Security releases policy and guidance on how departments and vendors will implement continuous monitoring and get away from static reports on the cyber health of their systems. DHS is hoping Congress approves a $200 million funding request to buy five different commercial cyber tools, a dashboard and a security data warehouse in 2013.
OMB highlights successes of 25-point strategy on its 18-month anniversary. Federal CIO Steve VanRoekel said agencies saved $100 million from moving email to the cloud. There now are more than 1,000 qualified program managers in the new job series. The IT reform plan helps institute culture change from CIOs on down. June 7, 2012(Encore presentation July 5, 2012)
The program launches initial operating capability today. GSA expects the first set of provisionally approved cloud service providers to be ready in December. In the meantime, agencies are holding vendors accountable for coming very close to FedRAMP standards.
On the In Depth show blog, you can listen to the interviews, find more information about the guests on the show each day and links to additional resources.
Vendors wanting to provide cloud services to the government must first receive support from these nine organizations that they are meeting the cloud computing security controls.
GSA, NIST to name the first batch of outside organizations who will test and validate commercial cloud products against baseline security standards in the FedRAMP cloud security program in May. The Joint Authorization Board also will release guidance to industry on how to implement the security requirements in the coming months. FedRAMP still is months from approving its first set of vendors.