Chris Talbot| Talkincloud
Do your cloud services meet federal security requirements yet? If not, you only have another six months to get your services up to spec. The FedRAMP accreditation process isn’t an easy one, but any cloud service that doesn’t meet the strict requirements won’t meet the feds’ trust test.
The entire FedRAMP review process takes time. The simplest and fastest way to go about it, which is to work with the FedRAMP office, takes approximately 4.5 months to complete the process. If a cloud services provider goes it alone, the process can take up to six months. With only six months to deadline, that’s not a lot of time, so for those who have been holding off to become accredited, consider making a move on getting started or risk being left behind and getting left out of future federal government cloud computing deals.
Maria Roat, FedRAMP director within the General Services Administration, recently reminded cloud services providers and federal agencies that the deadline is looming. Roat spoke at the Federal Cloud Computing Summit in mid-December and noted that cloud providers currently doing business—or hoping to do business—with federal government departments and agencies should contact the FedRAMP office to get the review process underway.
The federal government’s Cloud First policy has been gaining steam, and FedRAMP is being used to ensure the integrity of federal data stored within cloud services. It hasn’t been an easy road, but several major cloud services providers are ahead of the game. Hewlett-Packard (HPQ), Microsoft (MSFT) Azure and Amazon (AMZN) Web Services’ GovCloud have announced the completion of the accreditation process over the last several months.
Many others are certainly hip deep in the review process, and it’s likely we’ll hear more accreditation completion announcements over the next few months.
FedRAMP contains 298 security controls that are based on the National Institute of Standards and Technology guidelines that pertain to governance over agencies’ IT systems security.