Summary: A new memo from the Defense Department clarifies who is accountable for ensuring the security of cloud services at the FedRAMP moderate level. The latest document provides guidance on a clause within the Defense Federal Acquisition Regulation Supplement regarding the application of FedRAMP moderate to cloud services being used by contractors for storing and processing covered defense information. “One of the things that we learned in the early days of cloud was there was a lot of finger-pointing going on when something bad would happen. Let’s say a vulnerability would be found, or a zero-day event happened, there was this confusion around, ‘Is that the cloud service provider’s responsibility? Is that a contractor’s responsibility? Is that the government’s responsibility or somebody else? Who really is responsible?’” Raj Iyer, ServiceNow’s global head of public sector and a former chief information officer of the Army, told Federal News Network. Learn more about your ad choices. Visit megaphone.fm/adchoices
