Budget deal threatens government cloud security clearances

A program aimed at curbing federal information technology costs by expediting security certifications for shared, so-called clouds might be a victim of the latest round of budget cuts, technology officials familiar with funding conversations said.

A proposed $35 million e-government account that supports FedRAMP, the cloud security effort, was gutted under the pact lawmakers struck on Friday to avert a government shutdown. While the details on how the account will be divvied up among programs are still unknown, Congress reduced the fund to $8 million.

FedRAMP, which the General Services Administration is supposed to finalize by the summer, would provide departments with standard requirements for approving safeguards in Web-accessible IT, or cloud services. If agencies want to install a cloud-based system already in use at another department, then they would be able to skip the certification phase of the buying process.

Even if funding for FedRAMP is retained this go-round, the program might not survive the debate over spending for the 2012 fiscal year that begins in October.

Some vendors say federal officials have been unable to delineate where money for FedRAMP will come from. The National Institute of Standards and Technology helped create the program but does not fund it. It was evident at a spring 2010 NIST cloud conference that FedRAMP was not fully funded and officials had not thought through the financials for the program, said Schalk Theron, a vice president at cloud provider SpringCM.

"I believe NIST did a great job to define the program -- but I don't believe the budget responsibility lies with NIST in applying the program," he said.

The Obama administration is anticipated to shift funding for FedRAMP from the e-government pool to GSA's Federal Acquisition Service by fiscal 2012, Theron added.

President Obama's fiscal 2011 e-government request asked "for necessary expenses in support of interagency projects that enable the federal government to expand its ability to conduct activities electronically, through the development and implementation of innovative uses of the Internet," and added the proposed appropriations would support "projects that will use the Internet or other electronic methods to provide individuals, businesses and other government agencies with simpler and more timely access to federal information, benefits, services and business opportunities."

A former senior IT official during the Bush administration who requested anonymity because of the political sensitivity of the issue said he expects IT administrative costs, including information security expenses such as FedRAMP, will be sacrificed to pay for national security efforts.

White House officials have not executed the good intentions they outlined upon taking office in 2009 to ease purchases of cutting-edge technology, the official said.

The budget wars have frustrated some IT managers who now are hesitant to move forward on upgrades out of concern they will not receive continuous funding, the source added.

Office of Management and Budget and GSA officials did not respond to multiple requests for comment. NIST, which now serves as an adviser on the program, referred questions to GSA.

Separately, Justice Department Chief Information Officer Vance Hitch told Nextgov in an interview on Tuesday that the White House is very engaged in the governmentwide switch to cloud computing. In addition, the Chief Information Officers Council, which OMB chairs, has been involved in steering FedRAMP, he said.