Summary: The ultimate goal of a recent equivalency memo from the Defense Department is to support companies using cloud services that are not yet FedRAMP certified by allowing them to go through a third-party assessment instead. “We don’t have the capacity to accept or track [plans of action and milestones] like the Federal Risk Authorization Management Program (FedRAMP) does. But I do want to give credit to the companies that are trying to leverage a cloud that’s not yet FedRAMP certified by having a [third party assessment organization] to come in and say, ‘Okay, are they good with [National Institute of Standards and Technology Special Publication] 800-171 or not?’ And if they’re not, what’s the delta that the customer has to handle? That’s all we were trying to do there,” David McKeown, DoD’s chief information security officer, told Federal News Network after he spoke at the Meritalk’s Accelerate AI forum. “I understand there’s some confusion. I think we’re going to have a call with industry where we have a large number of them come onto the call, and talk through this a little bit more, and tell us where we can maybe clarify the memo.” Learn more about your ad choices. Visit megaphone.fm/adchoices
