David McClure, Associate Administrator at GSA’s Office of Citizen Services and Innovative Technologies, announced at the AFFIRM event on April 13th that the third party assessment organizations (3PAOs) will be announced in May 2012.
This is a major step for FedRAMP, which will start the process for cloud service providers to obtain the provisional authorizations. These 3PAOs are an important part of the FedRAMP process, because they will be validating the cyber security control requirements for service providers. While the review is being handled mainly by DHS and GSA, the entire Joint Authorization Board (JAB) will have the final say on who will be a 3PAO. The JAB consists of the Chief Information Officers from GSA, DHS, and DOD. Department of Homeland Security Chief Information Officer, Richard Spires, said that once the 3PAO’s are picked in May, he expects the program to take-off in June of this year.
While FedRAMP will mandate the minimum level of security requirements, Casey Coleman, GSA Chief Information Officer, wanted to clarify that even with the FedRAMP program, meeting FISMA security requirements is still mandatory. With the FedRAMP program starting to pick-up speed, this is a good sign that the government cloud computing era is upon us.