Up against a self-imposed Dec. 31 deadline, the government’s purchasing arm has yet to endorse any cloud products for quick acquisition. Some applicants and testers say the General Services Administration has been mum about the hoped for announcement on approvals.
Confusion over paperwork has complicated efforts for the Federal Risk and Authorization Management Program, or FedRAMP, according to interviews with cloud vendors and inspectors. FedRAMP, a security evaluation process, is intended to certify services for immediate use in any government agency. Inspections began in June.
Last week, GSA, which runs the program, released rules on the color scheme, placement and permitted uses of the FedRAMP seal of approval. Several auditors said constructive discussions about the contents of their evaluation reports and providers’ security plans have consumed more time than expected.