Draft standards, due out next week, will provide a baseline for securing the federal government’s high-impact systems in the cloud.
The move is a huge step forward for agencies — which until now had been focused on securing low- and moderate-impact cloud computing systems — in terms of how disrupted systems may affect organizational operations and assets.
Growing demand from agencies seeking to reap the benefits of cloud computing has shifted the focus to high-impact systems, or those systems that are necessary to support agencies’ continuity of operations. Also included in that category, according to a November 2013 Office of Management and Budget (OMB) memo, are all cyber critical infrastructure and key resources identified in agencies’ Homeland Security Policy Directive 7 plans. “Information systems used by agencies to provide services to other agencies such as under E-Government initiatives and lines of business, could also be high impact, but are at least moderate impact,” the OMB noted in the memo.