FedRAMP about to hit the streets

The Federal Risk Authorization and Management Program will begin its initial operational capacity late in the week of June 4, federal CIO Steve VanRoekel said at the National Institute of Standards and Technology’s Cloud Computing Forum and Workshop V.

FedRAMP is the result of government’s work address security concerns related to the growing practice of cloud computing, VanRoekel said during a panel June 5 on global government views on the potential of cloud technology to transform public services.

The program establishes a standardized approach to security assessment, authorizations and continuous monitoring for cloud services and products.

Related coverage:

Feds put some meat on FedRAMP’s bones

Federal CIO says FedRAMP to be mandatory

As federal agencies started to implement cloud technology, officials discovered that agency requirements and approaches to certification were inconsistent, VanRoekel said during the forum, which is being held June 5-7 at the Commerce Department in Washington, D.C. FedRAMP will not only bring consistency to the process but give cloud vendors a standard way of providing services to the government, he said.

The government has come a long way in a very short time with cloud computing since the Obama administration began the initiative three years ago, VanRoekel said. The government realizes that the cloud represents a once-in-a-generation opportunity to reshape how the government thinks about, buys and uses technology, he said.

To jumpstart the move to cloud, the administration initiated the cloud-first policy, which requires agencies to consider moving applications to the cloud as a first option for new IT projects.

“Our cloud-first policy does not require that a cloud be based in the United States,” VanRoekel said. However, agencies are always required to elevate security and privacy requirements for any technology whether it is in a cloud or on-premise. As a result, requirements for protecting data — both at rest and in transit— will have to be among their considerations.

Agencies now understand how to effectively move to the cloud, and clouds are growing in size and complexity. And federal IT leaders will be providing agencies with tools to accelerate that migration, he said.

The General Services Administration in May released a list of accredited third-party assessment organizations that will provide assessments and test the controls of cloud service providers to ensure that they meet FedRAMP requirements. 

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected