Feds need to put the fizz in FISMA

From: Gigaom

By Barb Darrow

Any cloud service provider worth its salt is rushing to claim compliance with the Federal Information Security Management Act of 2002, aka FISMA. The only problem is that FedRAMP, the government effort aimed at ensuring a safe move to cloud computing as part of the government’s “Cloud First” initiative, won’t be signing off on these certifications for another three or four months.

FISMA was meant to define a framework for protecting government information and operations against natural or man-made threats. Three levels of threat — low, moderate and high — were defined, based on the potential impact of a security breach. The latest action in the cloud comes as cloud providers lay claim to the “FISMA moderate” designation, meaning that the threat of a breach could result in “moderate” damage in terms of loss of “confidentiality, integrity or availability.”

Gaining a “FISMA moderate” designation is an important checklist item that would make cloud services more palatable to government agencies that want to move to the least expensive deployment option but also protect their data. Virtustream is the latest cloud vendor to hoist the FISMA moderate flag, saying Monday that its Vienna, Va., data center earned the moderate level FISMA authorization and accreditation certificate. It already held the FISMA “Low” accreditation. To attain moderate ranking, it had to show sufficient “physical controls and procedures to ensure that the site is secure via biometrics and other controls and is highly available through redundancy,” according to a Virtustream statement.

Amazon Web Services claimed the FISMA moderate mantle in September. As AWS evangelist Jeff Barr wrote at the time:

After receiving our FISMA Low level certification and accreditation, we took the next step and started to pursue the far more stringent FISMA Moderate level. This work has been completed, and the door is now open for a much wider range of US Government agencies to use AWS as their cloud provider. Based on detailed security baselines established by the National Institute of Standards and Technology (NIST), FISMA Moderate certification and accreditation required us to address an extensive set of security configuration and controls.

There’s nothing wrong with these FISMA claims; it’s just that they’re not really official — yet. FedRAMP will take another three or four months to review and generate a list of compliant companies, said a spokesman for the U.S. General Services Administration (GSA).

One thing is clear: the race is on to win government cloud business, said John Pescatore, Internet security analyst and VP at Gartner. “There’s definitely going to be money in direct sales to the government but also sales to companies like defense contractors that do business with the government.” Being on that FISMA-approved list will be non-negotiable to most high-tech companies.

Already there have been some nasty, revenue-driven vendor spats over FISMA claims, such as when Microsoft publicly questioned Google’s claim of FISMA compliance for Google Apps.

Sorry states: FedRAMP for feds only

One problem is that while FedRAMP pertains to federal cloud deployments only, many worry that budget-constrained states and cities will read any FISMA certification as some sort of safety guarantee. (The TechAmerica Foundation last week released its own set of best practices and guidelines for cloud deployment.)

Jeff Gould, president of Peerstone Inc., warned of this issue. “FISMA is a federal standard, but you also have a lot of state and local governments wanting to save money. Many will point to the FISMA badge as justification, although it is irrelevant to them,” he said. “We’ve got a race to the bottom where CIOs in smaller government entities are looking for any excuse to get the cheapest thing. The danger is that the vendors will take this FISMA certification as a blanket label to say ‘I’m the safe and secure cloud.’”

There’s little doubt that, over time, more of the government’s data and workloads will move to the cloud. But there’s no substitute for due diligence — which is what the FedRAMP effort proposes. The last thing any of these constituencies — cloud vendors, agencies, integrators, the government itself — needs is a public snafu.

