FedRAMP Cloud Security Approval: Look Who Applied - InformationWeek


Officials unveil new FedRAMP Web portal, release details on firms seeking government's cloud security seal of approval.


FedRAMP (Federal Risk and Authorization Management Program), the program that helps agencies migrate to the cloud securely, is making public the names of cloud service providers that are in the process of obtaining the government's security certification.

The information appears in a new FedRAMP resource section on the Federal CIO Council's cloud.cio.gov site. FedRAMP.gov visitors were redirected to the site beginning last week. The new site provides a range of materials that agencies and cloud providers need to meet FedRAMP requirements.

The new FedRAMP site identifies, among other information, 10 previously undisclosed "cloud systems in process" seeking FedRAMP certification for new or additional cloud infrastructure, platform, and software services. The site provides details on the services under review from CenturyLink Technology Solutions, Clear Government Solutions (CGS), Economic Systems, Fiberlink (a unit of IBM), Hewlett-Packard, Layered Tech Government Solutions, Microsoft, Oracle, SecureKey Technologies, and Virtustream. CA Technologies also is reportedly seeking FedRAMP certification.

FedRAMP has already certified 14 cloud services from 12 providers, including an Oracle PaaS offering approved on Feb. 24.


The CIO Council cloud portal pulls together reference documents for agencies, cloud service providers, and third-party assessment organizations from FedRAMP's existing website. That site is run by the General Services Administration, which manages the FedRAMP program. The information is also integrated across the Cloud.cio.gov site, which focuses on users' need to "learn about, use, acquire, manage and secure" cloud services.

FedRAMP.gov visitors now land on a section of Cloud.cio.gov

The new site has more forums and FAQs, according to Maria Roat, FedRAMP director at GSA. The GSA will continue to keep its version of the FedRAMP site active, she explained, because many documents out there reference the GSA website.

Agencies are under White House pressure to adopt cloud computing services and have them FedRAMP-certified by June 5, 2014. The program's security standards have attracted interest from cloud providers, but as FedRAMP officials acknowledge, they're trying to expand the offering of approved services.

FedRAMP officials have also announced plans to partner with the public-private group MeriTalk in an effort to widen FedRAMP's visibility within the federal IT market with the launch of the FedRAMP OnRamp.

The promotional site, due to go live March 13, promises to provide additional details about where companies are in the application process. It also plans to report on what agencies can save using FedRAMP-certified cloud services instead of building and certifying their own systems.

Based on preliminary reports from six FedRAMP-certified cloud providers and data on 210 cloud installations, MeriTalk estimates that FedRAMP has saved the government $52.5 million since the program began operating in 2012. It also found the government spent an average of $250,000 to bring each cloud service into full FedRAMP compliance.


Wyatt Kash is a former Editor of InformationWeek Government, and currently VP for Content Strategy at ScoopMedia. He has covered government IT and technology trends since 2004, as Editor-in-Chief of Government Computer News and Defense Systems (owned by The Washington Post ...

Li Tan
User Rank: Ninja
3/5/2014 | 8:31:09 AM
Re: Better add VMware to the list
On the positive side, the security approval process will add a kind of guarantee to some extent, so that the enterprise needs to have the "license" to enter the cloud world. On the negative side, it may put an extra burden and become just a kind of documentation process, which consumes the resources of the enterprise unnecessarily without any real value.
User Rank: Author
3/4/2014 | 5:41:24 PM
Re: Better add VMware to the list
Certainly one should expect to see them added to the list.

First, however, they must complete a readiness process prior to the application kick-off where FedRAMP officials do an initial review of the CSP's docs to make sure they meet the mark on the level of detail required in describing their controls. Some CSPs don't know the government's FISMA requirements (which are at the heart of FedRAMP common standards) and can't adequately describe their system and controls. The readiness process does just that - gets them ready for the full-on authorization process.  
User Rank: Apprentice
3/4/2014 | 2:18:51 PM
In process vs. applied.
These are the companies who actually made it into the FedRAMP process, not a comprehensive list of the companies who actually applied, which is probably in the hundreds. Just because someone feels VMware and Carpathia 'should' be listed here doesn't mean they are actually in the FedRAMP process.
Charlie Babcock
User Rank: Author
3/4/2014 | 12:38:14 PM
Better add VMware to the list
VMware should be added to this list. VMware is the primary virtualization vendor for as much as 80% of large enterprises, by some estimates. VMware's Angelos Kottas estimates its share in federal agencies may be "higher than the commercial market." That's a potential springboard into the compatible VMware vCloud Hybrid Service provided by Carpathia.