Federal CIO Steve VanRoekel issued a new directive for agencies Dec. 8 to use FedRAMP for shared security certification.

The memo:

  • Establishes federal policy for the protection of federal information in cloud services;
  • Describes the key components of FedRAMP and its operational capabilities;
  • Defines Executive department and agency responsibilities in developing, implementing, operating, and maintaining FedRAMP; and
  • Defines the requirements for Executive departments and agencies using FedRAMP in the acquisition of cloud services.