http://www.nextgov.com/cybersecurity/2013/07/federal-cloud-security-now-partially-privatized/67292/
By Aliya Sternstein
Nextgov.com
July 23, 2013
The government has partially privatized the certification of agency cloud
services by tapping the American Association for Laboratory Accreditation
to vet inspectors of commercial data centers, federal officials announced
on Tuesday.
Since the 2011 inception of the Federal Risk and Authorization Management
Program -- the process for authorizing cloud providers -- the government
has planned to hand off auditor accreditation to an independent body. This
is because the government is cash-strapped and short on time. FedRAMP is
intended to expedite the governmentwide shift to cloud computing.
All contractors that want to sell Web services to the government must
undergo evaluation by an accredited inspector by June 2014. Typically
security consulting firms, such as KPMG, have applied for these auditor
spots.
On Tuesday, federal officials said in a statement that privatization "will
allow for more in-depth analysis of an applicant’s conformance to
inspection and information security standards, making the process more
rigorous." Auditing firms are responsible for examining cloud companies'
physical and virtual security.
[...]
--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/
