FedRAMP sets goals for FY2017
- By Amanda Ziadeh
- Nov 07, 2016
The Federal Risk and Authorization Management Program plans to speed up its authorization process and significantly expand its cloud services portfolio next year.
FedRAMP, the General Services Administration’s program to assess and authorize cloud services for government, specified three goals for fiscal year 2017: increase cloud options, transform security authorizations and strengthen the FedRAMP community.
The program is looking to double its cloud service offerings from 72 to 150 and increase the number of Authorizations to Operate (ATO) from 345 to 750. Overall, it intends to transform 50 more cloud service providers to FedRAMP Ready, according to a blog post by FedRAMP Director Matt Goodrich.
FedRAMP’s new tailored authorizations, designed for low-impact, specific-use software-as-a-service solutions, moves away from the current “one size fits all” model and will help cloud providers can get approvals more quickly.
FedRAMP also is redesigning the continuous monitoring process to be smoother and agile, while still ensuring cloud services continue to meet security requirements. Additionally, it is setting a goal to grant all provisional ATOs in less than six months.
To help the cloud service provider community develop compliant security packages, GSA plans to publish a how-to guide, documenting all of the National Institute of Standards and Technology security controls found in the FedRAMP baselines. Next year’s outreach efforts also include more industry days and roundtables for providers and agencies.
These goals are intended to advance FedRAMP’s accomplishments from 2016, which included increasing cloud services by 80 percent and ATOs by 56 percent and reducing the time it took to receive a provisional ATO from 104 weeks to 15 weeks with the transition to iterative processes.
Amanda Ziadeh is a former reporter/producer for GCN.