Will GSA Tweak Cloud FedRAMP Requirements?

1 min read
Photo: free-photos-pictures.com

The Obama administration is taking criticism of its cloud-computing security requirements to heart and may considering making changes, according to a report on Nextgov.

The Federal Risk and Authorization and Management Program, known as FedRAMP, is designed to create security standards for the federal government’s use of the cloud; the feds would like to deploy it by the summer.

David LeDuc, director of public policy at the Software and Information Industry Association, told Nextgov, the government’s goal is “aggressive,” but “achievable,” as long as “they take it in the right direction.”

So what is the right direction? Software designers say the first step is leaving the “one-size-fits-all approach” behind.

In public comments earlier this month, SIIA said the proposed requirements “are, in many cases, overly prescriptive and not sufficiently vendor neutral, nor do they effectively differentiate between the three basic cloud functions.”

Now, according to Nextgov, the General Services Administration is taking a long, hard look the requirements.

“We are working collaboratively with government and industry experts to explore the potential merits of moving toward a performance-based security assessment process, especially for technical security controls,” said GSA spokeswoman Sara Merriam. “The FedRAMP requirements must facilitate the trust required between agencies and industry to work toward proactive cloud computing adoption in support of the administration’s cloud-first policy.”

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Technology


  1. FedRAMP may be a good starting point for facilitating cloud computing processes, but there are a number of security concerns that need to be recognized. Some critics argue that FedRAMP does not provide enough application security oversight, which is a reason for concern as in recent years, application attacks have surpassed system-level attacks.

    At ccskguide.org, we take a look at the security issues around cloud computing and help prepare candidates for the CCSK Cloud Security Certification. Check out our blog post on FedRAMP:

  2. I’m wondering what your feelings are on cellular antivirus software. To me it’s very difficult to declare that there is a mobile phone problem that needs to be resolved. Maybe that is the reason why the market hasn’t grown in any way.

Leave a Reply

Your email address will not be published.