Dave McClure is associate administrator of the General Services Administration's Office of Citizen Services and Innovative Technologies. (GSA)
Verizon Federal Inc. and General Dynamics Information Technology are among companies whose cloud computing services and products will be vetted first by federal experts under a new mandatory security assessment program.
These companies and others that already provide cloud technology to agencies under the General Services Administration's Infrastructure-as-a-Service contract will be reviewed first, said Dave McClure, associate administrator of the General Services Administration's Office of Citizen Services and Innovative Technologies.
The governmentwide program, called the http://www.federaltimes.com/article/20111208/IT03/112080302/1036/IT">Federal Risk and Authorization Management Program (FedRAMP), is intended to quickly ensure that commercial cloud computing technology meets federal security standards so that agencies can more readily adopt it.
The administration plans to phase in the reviews beginning in June.
"We can't just open the doors wide open right from the start," said McClure, whose office will manage the program.
Other companies on existing government contracts that provide popular cloud services, such as email services, will also get priority vetting, McClure said.
Current and future government cloud providers will have to show they meet new security standards, which are due for release in January. Many companies will be reviewed by a three-member board comprised of chief information officers from GSA, the Department of Homeland Security and the Defense Department. But the board will not be capable of reviewing all vendors. Those vendors must still be reviewed by independent assessors, accredited by FedRAMP, to determine if their technology meets federal security requirements.
Joe Brown, president of Fairfax, Va.-based Accelera Solutions, said companies reviewed by the board early on will have a big market advantage because CIOs will be inclined to use technology that has been approved by their peers.
"By getting the FedRAMP certification [first], you should theoretically be able to have months of marketing in advance" of other companies that have not been through the FedRAMP process, said Brown, whose company provides infrastructure-as-a-service technology. "That should be a distinct advantage."