The OMB identified cybersecurity as one of 14 Cross-Agency Priority (CAP) Goals established in accordance with the Government Performance and Results Modernization Act of 2010.
The second Chief Information Officer of the United States, Steven VanRoekel, issued a memorandum to the federal agency Chief Information Officers on December 8, 2011, defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in Cloud computing environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Authorization Board (JAB) consisting of Chief Information Officers from DoD, DHS, and GSA.