Proposed Security Assessment & Authorization for U.S. Government Cloud Computing
The ability to embrace cloud computing capabilities for federal departments and agencies brings advantages and opportunities for increased efficiencies, cost savings, and green computing technologies. However, cloud computing also brings new risks and challenges to securely use cloud computing capabilities as good stewards of government data. In order to address these concerns, the U.S. Chief Information Officer (U.S. CIO) requested the Federal CIO Council launch a government-wide risk and authorization management program. This paper describes a government-wide Federal Risk and Authorization Management Program (FedRAMP) to provide joint security assessment, authorizations and continuous monitoring of cloud computing services for all Federal Agencies to leverage.