Blue glowing high energy plasma field in space, computer generated abstract background

The US Government and Cloud Computing Standards

Last week I attended and was able to present at the Cloud Computing Forum & Workshop II that was hosted by NIST (National Institute of Standards and Technology). It was a two day event with presentations and panel discussions on the first day and breakout working sessions on the second day. The event was kicked off by presentations from Vivek Kundra, US, Chief Information Officer and Dr. Patrick Gallagher the Director of NIST. This is the second workshop, as the first one was held back in May of this year and was the launch pad for two new programs FedRAMP and SAJACC.


The Federal Risk and Authorization Management Program or FedRAMP was established to provide a standard approach to Assessing and Authorizing (A&A) cloud computing services and products for use in the various US agencies. It is inteneded to be a centralized security authorization of cloud computing systems for both commercial and government entities to be used government-wide. It is also designed to be a centralizing authorization allowing multiple Federal agencies to leverage a single security authorization.


Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) initiative was developed to “drive the formation of high-quality cloud computing standards by providing worked examples showing how key use cases can be supported on cloud systems that implement a set of documented and public cloud system specifications”.  As a part of the workshop NIST unveiled its new website portal and its first set of use case for public review. This document outlines twenty-four unique functional use cases that can be used to validate proposed standards. It important to note that the work going on in the DMTF an inparticular OVF the Open Virtualization Format was mentioned throughout the use cases as an example of a portability standard that can be used to solve the interoperability requirements of the use case. Other standards such as a common cloud interface or API and security technology best practices will also need to be developed and utilized.


This meeting was the kick-off of the work we need to do together to provide true cloud interoperability standards and provide technology choices and portability for government agencies. Over the weeks and months ahead Standards Development Organizations (SDOs) like the DMTF and others in the industry will be participating with NIST to develop the list of standards and the testing and validation of these standards. The end goal of this effort is to enable US government agencies to get the interoperbility, portability and security they require for their future cloud computing needs.


Leave a Reply

Your email address will not be published. Required fields are marked *