Yesterday, I hosted a panel at the Cloud Computing summit focused on cloud security for the federal government. The panel was made up of some smart folks: Alex Hart from VMware, Bob Wambach from EMC and one of the primary authors of the Cloud Security Alliance guidelines, Chris Hoff from Cisco.

While these folks offered great contributions, most questions were focused on the fourth member of the panel, Peter Mell from NIST, the chair of the Federal Cloud Computing Advisory Council. Why? Let's just say that Mell may be the single individual most focused on cloud security in the world. Mell has been tasked with defining cloud computing standards for the entire federal government -- a big responsibility since President Obama and Federal CIO Vivek Kundra continue to trumpet the benefits of cloud computing and push federal agencies to adopt pilot projects.

Mell's work will soon come to fruition when the feds introduce the Federal Risk and Authorization Management Pilot program (FedRAMP). FedRAMP has two primary goals:

1. Aggregate cloud computing standards. Today, many agencies have their own set of standards which complicates procurement and frustrates federally-focused technology vendors. FedRAMP is intended to consolidate cloud computing requirements into one set of standards that span the entire federal government.

2. Ease agency certification processes. Let's say Microsoft's federal cloud is FISMA certified by the Dept. of Agriculture. In today's world, this wouldn't matter to any other agency -- they would still be required to certify Microsoft's cloud before procuring services. Kundra, Mell, et. al. recognize the redundancy and waste here. With FedRAMP, once a cloud provider passes the Certification and Accreditation (C and A) of one agency, all other agencies get a free pass.

The link for this article located at Network World is no longer available.