Federal CIO Steve VanRoekel issued a new directive for agencies Dec. 8 to use FedRAMP for shared security certification.
The memo:
- Establishes federal policy for the protection of federal information in cloud services;
- Describes the key components of FedRAMP and its operational capabilities;
- Defines Executive department and agency responsibilities in developing, implementing, operating, and maintaining FedRAMP; and
- Defines the requirements for Executive departments and agencies using FedRAMP in the acquisition of cloud services.