http://www.informationweek.com/news/government/security/232400086
By Elizabeth Montalbano
InformationWeek
January 10, 2012
The federal CIO Council has released security controls for the new
agency-wide program that standardizes security requirements for
cloud-computing products and services, a key move in setting standards
for cloud security across the federal government.
More than 150 security controls in 16 categories have now been defined
for the Federal Risk Assessment Program (FedRAMP), which provides common
security requirements for cloud implementation on specific types of
systems.
FedRAMP also provides ongoing risk assessments and continuous
monitoring, and carries out government-wide security authorizations for
vendors providing cloud services and infrastructure that will be posted
on a public website.
The release of these controls "is the critical first step that to
successfully launching FedRAMP," as they are the basis for the program's
standardized approach to the security authorization process for cloud
products and services, according to a blog post on CIO.gov, the website
for the CIO Council.
[...]
_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn
