GSA releases government-wide guidelines for cloud computing

"Ensuring data and systems security is one of the biggest and most important challenges for federal agencies moving to the cloud," said David McClure, GSA's associate administrator for citizen services and innovative technologies. 

GSA's list of comprehensive requirements, known as the Federal Risk and Authorization Management Program (FedRAMP), is designed to provide agencies with a single set of guidelines for how they should evaluate cloud vendors' security practices before awarding them contracts. Vendors also benefit by not having to undergo redundant security checks to work with different agencies.

"FedRAMP's uniform set of security authorizations can eliminate the need for each agency to conduct duplicative, time-consuming, costly security reviews," McClure added.

Federal Chief Information Officer Vivek Kundra said in a statement that simplifying how agencies buy cloud services will make the government more cost-effective and energy-efficient. GSA is currently seeking input from agencies, vendors and the public on what the process for evaluating cloud providers' security should include.

Those interested can visit and comment until Dec. 3.