Federal Cloud Security Is Now Partially Privatized

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/cybersecurity/2013/07/federal-cloud-security-now-partially-privatized/67292/

By Aliya Sternstein
Nextgov.com
July 23, 2013

The government has partially privatized the certification of agency cloud 
services by tapping the American Association for Laboratory Accreditation 
to vet inspectors of commercial data centers, federal officials announced 
on Tuesday.

Since the 2011 inception of the Federal Risk and Authorization Management 
Program -- the process for authorizing cloud providers -- the government 
has planned to hand off auditor accreditation to an independent body. This 
is because the government is cash-strapped and short on time. FedRAMP is 
intended to expedite the governmentwide shift to cloud computing.

All contractors that want to sell Web services to the government must 
undergo evaluation by an accredited inspector by June 2014. Typically 
security consulting firms, such as KPMG, have applied for these auditor 
spots.

On Tuesday, federal officials said in a statement that privatization "will 
allow for more in-depth analysis of an applicant’s conformance to 
inspection and information security standards, making the process more 
rigorous." Auditing firms are responsible for examining cloud companies' 
physical and virtual security.

[...]

--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/