[ISN] GSA Will Stop Recruiting Cloud Security Testers Until the Fall
By Aliya Sternstein
March 6, 2013
The government's new program for certifying the safety of browser-based
software will not be able to recruit additional testers until the fall, federal
officials told Nextgov.
Currently, there are 16 government-approved independent testing firms assessing
the security of dozens of cloud provider data centers to make sure they are up
to standard. These auditors are part of the Federal Risk and Authorization
Management Program, or FedRAMP, which was launched in June to provide agencies
one list of preapproved cloudware with all the product certification paperwork
completed. That way, interested agencies don't have to perform redundant
security checks, potentially saving as much as $200,000 per certification.
Today, a team of federal security professionals vets the integrity of the
auditing firms. In 2011, before FedRAMP was even fully conceived, government
officials said they would outsource this work to save money and increase
throughput. In February, they began researching private accreditation bodies
that could take over the vetting, according to contracting databases.
The planned privatization of the "accreditation function will result in a pause
in accepting new applications," Jackeline Stewart, a spokeswoman for the
General Services Administration, the government's purchasing division, said in
an email. The length of the hiatus depends on the time it takes to conduct a
fair competition and then shift responsibilities, she added.