Proposed Security Assessment & Authorization for U.S. Government Cloud Computing
Over the past 18 months, an inter-agency team comprised of the National Institute
of Standards and Technology (NIST), General Services Administration (GSA), the CIO
Council and working bodies such as the Information Security and Identity Management
Committee (ISIMC), has worked on developing the Proposed Security Assessment and
Authorization for U.S. Government Cloud Computing. This team evaluated security
controls and multiple Assessment and Authorization models for U.S. Government Cloud
Computing as outlined in this document.
The attached document is a product of 18 months of collaboration with State and
Local Governments, Private Sector, NGO’s and Academia. This marks an early step
toward our goal of deploying secure cloud computing services to improve performance
and lower the cost of government operations, but we need to improve this document
through your input.
Often stated, but still true, we recognize that we do not have a monopoly on the
best ideas. We seek your input, knowledge, and experience to help us frame appropriate
security controls and processes for the Federal Government’s journey to cloud
computing. The attached document is a draft and is designed to encourage robust debate
on the best path forward.
Comments on the documents should be submitted online at www.FedRAMP.gov by
December 2nd . We look forward to your active engagement and substantive comments.
U.S. Chief Information Officer