Last week the GSA FedRAMP Program Office released the latest version of the cloud computing Security Assessment Plan (SAP) template. This document is the most recent step toward the Federal government's goal of establishing FedRAMP Initial Operating Capability by June 2012.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Cloud Service Providers (CSPs). Testing security controls is an integral part of the FedRAMP security authorization requirements and enables Federal Agencies to use the findings that result from the tests to make risk-based decisions. Providing a plan for security control testing ensures that the process runs smoothly. This document has been designed for CSP Third-Party Independent Assessors (3PAOs) to use for planning security testing of CSPs. Once filled out, this document constitutes a plan for testing. Actual findings from the tests are to be recorded in FedRAMP security test procedure workbooks and a Security Assessment Report (SAR).
This release also includes templates for:
- Information Technology Contingency Plan
- Control Implementation Summary (CIS)
- eAuthentication
- Plan of Action and Milestones (POA&M)
- Rules of Behavior
- Privacy Threshold Analysis and Privacy Impact Assessment
- Security Assessment Plan
- FedRAMP System Security Plan