FedRAMP - New Security Controls

The US Government's General Services Administration has released the details of its new policy regarding the requirements for government departments and agencies to follow in using cloud providers. The policy is not incorporated in legislation but is expected to become a part of the standard contracts for entering into arrangements with the providers.

Under the policy, there is extensive reliance in IT Controls, with 160 controls defined as part of the policy. The details of FedRAMP are contained on its website. Also, this linked article provides insight into its proposed role in government procurement of cloud services.