This past month, the General Services Administration (GSA) has continued to fine tune their focus on the issue of government-wide cloud security by teaming up with the American Association for Laboratory (A2LA). The A2LA is a non-profit organization that will review every interested business’s application to become eligible as a 3PAO (third-party assessment organization). Due to the importance of cloud services and the amount of private information potentially at risk, the GSA will be taking every reasonable precaution. Once federal data is placed on cloud services and/or products, the government will be able to properly monitor and secure the information. These measures are being taken to reduce the risk of a cyber break in or attack. To date, 22 companies have been chosen that meet FedRamp (Federal Risk and Authorization Management Program) standards. Third party organizations and firms have been a constant presence in government procures over the past few years.
The FedRamp office within the GSA makes all the final decisions when it comes to approving businesses for cloud security services. Dave McClure, associate administrator of GSA’s Office of Citizen Service and Innovative Technologies, stated, “The selection of A2LA (American Association for Laboratory Accreditation) to handle the 3PAO reviews is a significant milestone as we grow FedRAMP in partnership with industry and government cloud stakeholders. A2LA’s involvement with continued government oversight improves the resources and rigor of our review process, further strengthening FedRAMP.”