Office of Management and Budget Director Jack Lew has signed off on the federal government’s cloud security guidance known as FedRAMP according to a Federal News Radio report.
FedRAMP has been in the works for nearly 18 months through collaboration between federal agencies, private industry and academia.
The OMB will release the memo and guidance as early as next week, according to the report. OMB declined comment on whether Lew had reviewed the guidance.
“The administration is in the process of finalizing the (FedRAMP) program and we anticipate it will be completed and released before the end of the calendar year,” spokeswoman Moira Mack said according to Federal News Radio.
FedRAMP is set to be rolled out in four phases. The initial assessment process will start through a security authorization, initiated by agencies or cloud providers, using FedRAMP requirements that comply with the 2002 Federal Information Security Management Act and based on guidance from the National Institutes of Technology.
After the initial assessment, a FedRAMP-approved third-party organization will give an independent evaluation of the cloud environment and provide a security assessment package for review. Then, a joint authorization board will review the package.
The final phase of the roll-out will allow agencies to leverage the cloud authorization packages for review when granting an agency authority to operate.