FedRAMP, the government-wide program to help agencies access cloud solutions, has revamped its website and guidance for cloud service providers based on agency feedback.
The Federal Risk and Authorization Management Program assesses and authorizes security across government agencies when they are accessing cloud-based solutions. It was established in 2011 after OMB identified cybersecurity as one of its Cross Agency Priority Goals. There has been a major push towards encouraging agencies to use the cloud in recent months. In December, the White House issued a report outlining IT reforms over the next year, and last April President Trump issued an executive order creating a new technology council to overhaul federal IT systems.
FedRAMP has been looking to streamline the guidance that it provides to cloud service providers, and based on the feedback its gathered from the Joint Authorization Board teams and CSPs it has made a number of updates. These include guidance on digital identity requirements, based on NIST guidance, and updates to continuous monitoring performance.
FedRAMP has also updated its website as part of its 2018 goal to open up cloud adoption for agencies. The site has been structured to include specific pages for FedRAMP’s three main stakeholders — agencies, cloud services providers and third-party assessment organizations — and includes all the new guidance that has been introduced.
The agency has expanded its training and resources page based on feedback from agencies about the information they need, and the whole website has been updated to be sleeker and more intuitive. A major change to the site is the addition of a “get authorized” tab that includes information on both the joint authorization board and agency authorizations. These pages provide a high-level overview of the authorization process and help cloud service providers determine which authorization type is right for them.
FedRAMP has dubbed 2018 its “year of refinement” and on its website states that goals include increasing the number of services agencies can choose from, transforming security authorizations and strengthening the FedRAMP community.
“This year, we’re focusing on building, maturing, and perfecting these transformative initiatives so they best serve our stakeholders and deliver on the promise of increased efficiency and transparency,” states the website.