According to articles posted by nexgov ("
White House set to complete security standards for cloud computing services next year") and ExecutiveGov ("
Kundra: Expect Formal Federal Cloud Security Standards in 6 Months"), through the FedRAMP program, the federal government could seek to publish the final FedRAMP publication sometime this summer.
But is industry ready to take on the responsibility of securing government data? Do the members of the Joint Authorization Board (GSA, DHS, DOD, and the sponsoring agency) have enough information to fully qualify the risk of moving to the cloud as part of the risk-based decision for authorizing Cloud Service Providers? What gaps exist within the FedRAMP (DRAFT) and can those gaps be adequately addressed within the next 6 months or so?
More...