
[ISN] GSA Will Stop Recruiting Cloud Security Testers Until the Fall


By Aliya Sternstein
March 6, 2013

The government's new program for certifying the safety of browser-based software will not be able to recruit additional testers until the fall, federal officials told Nextgov.

Currently, there are 16 government-approved independent testing firms assessing the security of dozens of cloud provider data centers to make sure they are up to standard. These auditors are part of the Federal Risk and Authorization Management Program, or FedRAMP, which was launched in June to provide agencies one list of preapproved cloudware with all the product certification paperwork completed. That way, interested agencies don't have to perform redundant security checks, potentially saving as much as $200,000 per certification.

Today, a team of federal security professionals vets the integrity of the auditing firms. In 2011, before FedRAMP was even fully conceived, government officials said they would outsource this work to save money and increase throughput. In February, they began researching private accreditation bodies that could take over the vetting, according to contracting databases.

The planned privatization of the "accreditation function will result in a pause in accepting new applications," Jackeline Stewart, a spokeswoman for the General Services Administration, the government's purchasing division, said in an email. The length of the hiatus depends on the time it takes to conduct a fair competition and then shift responsibilities, she added.

