Policy & Procurement

Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.

Halvorsen formalizes new DOD cloud procurement policy

Sean Lyngaas, FCW,  Wednesday, December 17, 2014

Acting Defense Department CIO Terry Halvorsen has issued a memo outlining the Pentagon’s new cloud procurement policy, formally allowing the military services and other DOD agencies to procure commercial cloud services rather than leaving that authority to the Defense Information Systems Agency.

Tips from NIST on Picking the Right Cloud Vendor

Joseph Goedert, Health Data Management,  Wednesday, December 17, 2014

The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.

What the Future Holds for FedRAMP

Nicole Blake Johnson, FedTech,  Wednesday, December 17, 2014

Big changes are ahead for the Federal Risk and Authorization Management Program, better known as FedRAMP. A new two-year road map that will be released Wednesday details more than 40 initiatives aimed at accomplishing three overarching goals: increasing stakeholder engagement, including the number of agencies implementing FedRAMP; improving program efficiencies, by automating FedRAMP documentation; and adapting FedRAMP to support evolving cloud offerings and security policies while focusing on risk management rather than compliance. The road map groups initiatives in six-, 12-, 18- and 24-month intervals.

Cloud Metrics Could Provide the Goldilocks Solution to Which Cloud Vendor Is 'Just Right'

National Journal,  Monday, December 15, 2014

As government agencies and other organizations invest in cloud computing services, they are challenged to determine which cloud provider and service will best meet their needs. As the nation's official measurement experts, the National Institute of Standards and Technology (NIST) has developed a guide to creating cloud metrics that could aid decision makers in finding the cloud service that is "just right." The new NIST guide, which is being offered as a draft for public comment, proposes a model for developing metrics (objective measures of capabilities and performance) that cloud-shopping organizations can use to navigate a rapidly expanding marketplace.

Will Government Regulation Kill the Internet of Things?

Jack Moore, Nextgov,  Monday, December 08, 2014

The government needs to update laws and regulations to accommodate the explosive growth of Internet-connected smart devices or risk falling behind the global technology curve. That's the view of a few tech-minded lawmakers who have turned their focus to the expanding web of objects and sensors that make up the so-called Internet of Things.

DoD trying to remove the haze around its use of commercial clouds

Monday, December 01, 2014

The Defense Department is taking a second bite at the cloud security apple. The Pentagon, without a doubt, understands how to protect government-only clouds, but with the growing acceptance and use of commercial clouds, achieving the proper balance of security, cost and accessibility has proved to be more challenging than expected. To that end, DoD recently released the results of a 45-day study, called The DoD Cloud Way Forward, detailing three new approaches to help military services and agencies ensure the security of the commercial clouds they use. "A key aspect of the report is clear guidance to both cloud service providers and DoD Cloud Customers describing the cradle-to-grave process they must follow in order to move DoD computing into commercial cloud infrastructure," wrote DoD acting Chief Information Officer Terry Halvorsen, in the memo attached to the report.

Here’s What the Rewrite of DOD’s Cloud Strategy Will Look Like

Frank Konkel, Nextgov,  Tuesday, November 25, 2014

An update to the Defense Department’s cloud computing strategy aims to decentralize the process for purchasing commercial cloud solutions away from the Defense Information Systems Agency and toward individual agencies, according to a draft document of the retooled cloud strategy obtained by Nextgov.

GSA adopts agile acquisition for government marketplace

Rutrell Yasin, Federal Times,  Friday, November 21, 2014

GSA is working with other agencies to construct a Government Acquisition Marketplace that will result in cost savings, reduced duplication of acquisition programs and better procurement decisions. A Common Acquisition Platform (CAP) and category management are key supporting initiatives central to the creation of the marketplace.

Microsoft 365 first cloud email to gain FedRAMP approval

Friday, November 21, 2014

Microsoft’s Office 365 became the first Email-as-a-Service (EaaS) to gain accreditation under the Federal Risk and Authorization Management Program (FedRAMP) Thursday, receiving authority to operate (ATO) cloud services for the Department of Health and Human Services Office of the Inspector General. Microsoft’s Azure public cloud service received provisional authority to operate (P-ATO) last year, but the full ATO awarded Thursday makes it the first EaaS to gain full accreditation.

Google’s Admission to Data Mining of Student and Government Emails Demands Further Scrutiny

Jeff Gould, SafeGov.org, Thursday, May 15, 2014

In a surprise announcement on April 30, 2014, Google announced on its company blog that it would no longer “collect or use student data in Apps for Education services for advertising purposes.” Google also noted that it would make similar changes to its Google Apps for Government products. This announcement suggests that Google has been scanning, storing and monetizing student, business and government emails for years, which raises concerns about Google’s past privacy practices and their future policies. This is a significant violation of the trust placed in the company by the schools and government agencies who signed contracts with the assurance that there would be “no ad-related scanning or processing” in Google Apps – language that Google once noted on their website.