From Cloud First to Cloud Smart - The 2018 Federal Cloud Computing Strategy — Cloud Smart — is a long-term, high-level strategy to drive cloud adoption in Federal agencies. This is the first cloud policy update in seven years, offering a path forward for agencies to migrate to a safe and secure cloud infrastructure. This new strategy will support agencies to achieve additional savings, security, and will deliver faster services.
Cloud.gov helps teams build, run, and authorize cloud-ready or legacy government systems quickly and cheaply. It offers a fast way for federal agencies to host and update websites, APIs, and other applications. Employees and contractors can focus on developing mission-critical applications, leaving server infrastructure management to the experts. Cloud.gov has a FedRAMP Joint Authorization Board (JAB) authorization, which means it complies with federal security requirements. When you build a system on Cloud.gov, you leverage this compliance and reduce the amount of work you need to do.
FedRAMP simplifies security for the digital age by providing a standardized approach to security for the cloud. It does this by:
- Facilitating the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT.
- Enabling agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost effective cloud-based IT.
- Offering a list of Cloud solutions that have achieved a FedRAMP authorization, a reusable method saves money and time.
FedRAMP is a program office funded to assist and provide guidance to Agencies in support of their move to modern, secure cloud technologies.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
The long term goal is to provide thought leadership and guidance around the cloud computing paradigm to catalyze its use within industry and government. NIST aims to shorten the adoption cycle, which will enable near-term cost savings and increased ability to quickly create and deploy enterprise applications. NIST aims to foster cloud computing systems and practices that support interoperability, portability, and security requirements that are appropriate and achievable for important usage scenarios.
Special Publication 800-145
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
Special Publication 500-291r2
The NIST Cloud Computing Standards Roadmap Working Group has surveyed the existing standards landscape for security, portability, and interoperability standards/models/studies/use cases, etc., relevant to cloud computing. Using this available information, current standards, standards gaps, and standardization priorities are identified in this document. The NIST Definition of Cloud Computing identified cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Special Publication 500-292
The adoption of cloud computing into the Federal Government and its implementation depend upon a variety of technical and non-technical factors. A fundamental reference point, based on the NIST definition of Cloud Computing, is needed to describe an overall framework that can be used government-wide. This document presents the NIST Cloud Computing Reference Architecture (RA) and Taxonomy (Tax) that will accurately communicate the components and offerings of cloud computing.
Special Publication 500-322
This document provides clarification for qualifying a given computing capability as a cloud service by determining if it aligns with the NIST definition of cloud computing; and for categorizing a cloud service according to the most appropriate service model (SaaS, PaaS, or IaaS).