The government is also moving forward with a recently announced shared security certification and accreditation process known as FedRAMP, which will be led in the near term by GSA CISO Kurt Garbars, who this week took on an additional role as chair of the cloud computing security work group of the CIO Council's cloud computing advisory council.
FedRAMP, which NIST computer scientist Peter Mell characterized Thursday at NIST's Cloud Computing Forum and Workshop as a "government-wide initiative to provide joint authorization services," will be in a planning phase until the end of the fiscal year as details like how it will be implemented and who will pay for it are worked out.
However, Mell noted that the Department of Defense and even the intelligence agencies have bought into the concept, giving it broad support, and both Microsoft and Google are actively working through the first FedRAMP pilot authorizations.
The cloud RFQ makes reference to requirements that full authorization via FedRAMP must be done before any ordering is done and that the cost of FedRAMP authorizations could be factored into pricing, Katie Lewin, director of GSA's cloud computing program, said in a brief interview Thursday that the RFQ may be modified slightly because FedRAMP isn't likely to be able to accept vendors quite yet.
Finally, NIST announced Thursday that it has decided to help facilitate the collaborative development of standards for cloud computing in an effort it calls Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC). According to Dawn Leaf, NIST's new senior executive for cloud computing, SAJACC aims to accelerate the development of cloud standards and develop some consensus around elements of cloud computing which are amenable to standardization.
In general terms, SAJACC will define specific use cases cloud computing standards could cover, such as moving a virtual machine between clouds, develop methods to test whether those scenarios are actually possible by creating test specs and executing against them, and posting this information on a cloud standards portal that it plans to launch.
"We're not trying to write cloud computing standards, but are trying to do some testing on reasonable system interfaces or specifications of systems and make the test results available so people can see something is absolutely possible because the test results show it," NIST senior computer scientist Lee Badger said Thursday.