Making Cloud SLAs readily usable in the EU private sector
FedRAMP: Federal Risk and Authorization Management Program
The Federal Risk and Authorization Management Program (FedRAMP) is an assessment and authorisation process which U.S. federal agencies have to use in order to ensure security is in place when accessing cloud computing products and services.
The program provides standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, and is the result of a collaboration among cybersecurity and cloud experts that aims to solve issues related to the incorporation of cloud computing technologies into US Federal IT infrastructure.
Cloud standards are an important part of the FedRAMP activities, that's why the US National Institute of Standards and Technology (NIST), one of the experts organisations involved in the program, has been working on ISO/IEC 19806, the most influential international standardization work on Cloud service level agreements (SLAs).
ISO/IEC 19806 works aims to defines base terminology and concepts related to Cloud SLAs. This includes lifecycle and main Service Level Objectives (SLOs) categories and is not restricted only to a security perspective. It proposes a technical model of reference for documenting Cloud SLA metrics, provides conformance criteria for Cloud SLAs and tackle the need for an international standard focused on the definition of security and privacy Cloud SLA elements.
Lack of standards and common terminology produce a costly and inefficient approach to cloud adoption for governmental agencies, but also for cloud service customers (CSCs) in general. That's why SLA-Ready, along with other services and tools, aims to provide a common understanding of cloud SLAs through it's contribution to standardisation activities like ISO/IEC 19806.
SLA-Ready & standards
But ISO/IEC 19806 it's not the only standardisation initiatives on which SLA-Ready takes part: