This report was prepared by an inter-agency team comprised of the National Institute of Standards and Technology (NIST), General Services Administration (GSA), the CIO Council, and working bodies such as the Information Security and Identity Management Committee (ISIMC) have worked on developing the Proposed Security Assessment and Authorization for U.S. Government Cloud Computing. This team evaluated security controls and multiple Assessment and Authorization models for U.S. Government Cloud Computing as outlined in this report.
This report was a product of 18 months of collaboration with State and Local Governments, private sector, NGOs and Aacademia. It marks an early step toward the goal of deploying secure cloud computing services to improve performance and lower the cost of government operations.
This document describes a government-wide Federal Risk and Authorization Management Program (FedRAMP) to provide joint security assessment, authorizations and Continuous monitoring of cloud computing services for all Federal Agencies to leverage.