The video at the "byzantine regulatory framework" link[1] is worth a watch (at least the first 10 minutes to get a taste). One of the most valuable offerings of cloud.gov is (hopefully) the ease with which it can go through the ATO and FISMA processes because it was designed with them in mind.[1]https://www.youtube.com/watch?v=T1S52B1-NT4
sailfast|10 years ago
EDIT: After viewing Noah's FISMA guidance vid (nice work) there is definitely possibility to expedite but to really grease things you'd want to create a certification arm within GSA that can sign off the risk or perform a "certified" risk assessment on behalf of the customer agency so you could do things your way while still allowing them to sleep at night. Once you get into sensitive data loads and non-public stuff people start to get even more risk averse. / End Edit
That said, I'm hopeful that it does pave the way for change because this kind of platform is critical to reducing the barriers to experimentation in government. Perhaps because 18F is committing to supporting / upgrading the platform it will allow Federal CIOs and CISOs to shift some of the risk to 18F and sign the paperwork more quickly.
aidanfeldman|10 years ago