This report references the establishment of a shared assessment and authorization process for cloud computing. The strategy outlines how the federal government can accelerate the safe, secure adoption of cloud computing, and provides agencies with a framework for migrating to the cloud. It also examines how agencies can address challenges related to the adoption of cloud computing, such as privacy, procurement, standards, and governance.
However, the strategy does not address other security challenges such as needed agency-specific guidance, the appropriate use of attestation standards for control assessments of cloud computing service providers, and the division of information security-related responsibilities between customer and provider. Until these challenges are addressed, agencies may have difficulty readily adopting cloud computing technologies.