FedRAMP May Be Slow to Ramp Up

FedRAMP, the new program intended to accelerate security approvals of so-called cloud applications, may take a while to get off the ground, according to several federal chief information officers.

The General Services Administration on Nov. 2 issued a single list of cybersecurity requirements that contractors and all agencies eventually will be able to use for deploying cloud computing services. FedRAMP is aimed at doing away with redundant efforts at every agency to assess cloud products -- typically hosting services, software and data storage that companies provide to computer users via the Net.

Later in the week, at a meeting with a federal board that advises the National Institute of Standards and Technology, GSA CIO Casey Coleman and Justice Department CIO Vance Hitch hesitated to address the schedule for finalizing the program's procedures.

After a few seconds of silence, Coleman said: "Seeing as how everything is ultimately political in nature, it will depend upon the timing that works for the administration with other competing priorities. And political only in the sense of the timing has to work for the administration."

Hitch noted that the proposed specifications must be vetted by a large group of stakeholders, including privacy advocates, vendors and agencies, and then tweaked before the program starts.

He said White House Cyber Czar Howard Schmidt told him that the Obama administration is shooting for January.

"I can't predict exactly when this is going to go forward," Hitch said. "I'm leery of dates given to the sensitivity of it."