ABSTRACT

Within the information security domain, certification and accreditation is a two-step process: certification determines the security posture of an information system, and accreditation is the formal acceptance of the risk of operating that system. Government organizations across the world and at every level depend heavily on information technology to achieve their mission and to protect and serve their citizens and stakeholders. This chapter reviews key government regulations related to the certification and accreditation of cloud-based information systems and the applicable certification and accreditation regimes. The Federal Information Security Management Act (FISMA) was published as Title III of the E-Government Act of 2002. The Federal Risk and Authorization Management Program (FedRAMP) process was developed to ensure that all cloud service providers that achieve FedRAMP compliance are assessed in a standardized manner. The chapter discusses the major regulations and regimes for security certification (or assessment) and accreditation (or authorization) of cloud-based information systems.