FedRAMP, aimed at the providers of cloud computing services to Federal agencies, sets up a baseline of security requirements for those providers. In development for over two years, FedRAMP includes standard security requirements that are specific to cloud computing, suggested methods for third-party contractors to produce cloud computing security control assessments, boilerplate language for cloud computing contracts and a repository database of authorized contractors in the area of cloud computing. Cloud computing systems already in place at Federal agencies under an Authority-To-Operate (ATO) program will be given higher priority for operational needs and evaluation than cloud services not running under ATOs.
Under one particular FedRAMP requirement, Federal agencies must continuously monitor contractor compliance with the stated cloud computing standards. The Department of Homeland Security (DHS) is the operational agency responsible for the specific management standards for that continuous monitoring. This responsibility includes such items as the criteria for cloud-based data feeds, the structure by which reports are created and distributed and the coordination of incident response and threat notifications in case of any violations of the standards. In addition, the CIOs from DHS, the General Services Administration (GSA) and the Department of Defense (DOD) have been appointed to the FedRAMP Joint Authorization Board (JAB), an entity responsible for overseeing the entire program.
Cloud computing service providers, including web hosting services, will be able to use participation in the FedRAMP program as proof to non-Federal customers of their commitment to security for the cloud. Some non-Federal customers may even ask providers to give them the same level of security for cloud computing as that given to FedRAMP federal agencies. A provider with FedRAMP experience will then be able to use its participation in that program as firm evidence of the safe and secure cloud computing practices it has in use.
Several specifics, however, such as the operational expectations for certain security issues, have not yet been addressed within the FedRAMP program. It is expected that such questions will be answered within the lead-in time to next June's launch date.
Kimberly Dovander
Kimberly is the pro blogger in the WHS family. WordPress, Blogger, Tumblr... It doesn't matter - she knows them all. Send her a question, or drop a line in the comment section below, and she'll get back to you.