[Owasp-leaders] Call for comments: US FedRAMP process

Rex Booth rex.booth at owasp.org
Wed Dec 15 16:26:12 EST 2010


All,

As you may know, the US Federal government is initiating a new 
certification and accreditation process called FedRAMP.  FedRAMP is a 
program that will allow cloud-oriented services and applications to 
undergo the certification and accreditation process (now called 
Assessment and Authorization) once for the entire Federal government 
instead of once per agency.  There's a lot of buzz about this among 
private sector companies and within the agencies.

OWASP can contribute by reviewing the draft plan which includes details 
of the process as well as descriptions of the additional controls 
expected for cloud services.  Comments are due January 17, so this is a 
relatively tight turn-around.

I'll be coordinating OWASP's reply to the request for comments.  Please 
let me know if you're interested in participating and I'll include you 
in the kick-off next week.

In the meantime, more information on FedRAMP can be found at the 
following link:
http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP

Thanks,
Rex


More information about the OWASP-Leaders mailing list