The Federal Risk and Authorization Management Program has begun seeking public comments on a draft policy update that seeks to strengthen the use of cryptography to ensure the security of federal cloud systems.
The draft policy outlines the requirements for selecting and using cryptographic modules for cloud-based systems.
FedRAMP said Friday it wants input on the policy’s potential implications for how cloud providers develop their offerings and whether the policy addresses a specific challenge in applying cryptography in cloud services.
The program is also asking stakeholders whether there are specific requirements they think should be included in the document to effectively implement the policy.
According to the draft, FedRAMP has several goals for the draft policy update, such as ensuring that cryptographic algorithms and functions being used to protect the confidentiality or integrity of federal systems and data are approved and promoting the use of cryptographic modules that are free of known vulnerabilities.
Public comments on the draft policy are due Sept. 9.