The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announces that it has partnered with the Federal Risk and Authorization Management Program (FedRAMP), at the U.S. General Services Administration (GSA). The two programs will work together to develop FedSTAR that offers mutual recognition between the two security programs based on a common framework for deployment, use and maintenance.
“FedRAMP and CSA’s STAR are among the most used cloud certifications worldwide, however, because they are deployed separately and incompatible, cloud service providers (CSP) spend valuable resources in duplicating efforts to comply with both systems,” said Kate Lewin, Federal Director, Cloud Security Alliance.
“Complying with multiple systems is not only confusing, costly and ineffective but acts as a barrier to market entry for smaller companies. That’s about to change with the development of FedSTAR. Now, CSPs will be able to earn two certifications with one audit, saving both time and money,” she added.
Cloud service providers are in desperate need of tools they can use to analyze and assess their security posture, as well as use to conduct continuous monitoring. FedSTAR will provide processes and methodologies that allow CSPs to stop replicating steps that are common between FedRAMP and STAR. This collaboration will demonstrate the effectiveness and efficiency of joint efforts with the U.S. Government and industry to reduce compliance burdens on private-sector companies.
CSA and the GSA have agreed to establish a working group to begin work on bridging the gaps. The group will engage independent, third-party assessor companies to conduct a gap analysis between STAR and FedRAMP controls.
Further, the working group will seek input from all stakeholders, including cloud service providers, the security community (CISOs, risk managers) and Federal government as it sets out to determine which processes and procedures from each system can be recognized and accepted by both, including the Independent Third-Party Assessors certification processes, documentation format, and standards for mutual acceptance. Individuals and organizations interested in participating in the working group are invited to contact Katie Lewin, Federal Director, CSA.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org
