Fixing FedRAMP: Can more guidance or bold ideas help?

Reps. Gerry Connolly (D-Va.) and Mark Meadows (R-N.C.) introduced bipartisan legislation that would make the approval process for the Federal Risk and Authorization Management Program faster and more efficient.

Connolly said the bill, which he previewed earlier this month, would define the roles and responsibilities of federal agencies and third-party assessment organizations, make the Office of Management and Budget officially responsible for FedRAMP policy and put the General Services Administration in charge of day-to-day implementation.

The FedRAMP Authorization Act of 2019 would also address further reducing the long approval times for vendor applicants, particularly small businesses, and cut down on the duplication of security assessments among the authorizing agencies. In addition, it would establish metrics for time, costs and assessment quality, and require OMB to submit an annual report to Congress.

The same day the legislation was introduced (July 24), GSA's FedRAMP Program Management Office formally launched an ideation challenge that addresses many of the issues Connolly's bill seeks to fix. GSA had posted the challenge in June but then withdrew it. Officials are now calling on cybersecurity stakeholders -- including cloud service providers, agencies, third-party assessors and others -- to come up with new approaches to risk assessments and security authorizations.

Saying "no idea is too small," the PMO’s announcement states that it is looking for "bold, innovative and actionable ideas" that reduce the time and costs involved in the authorization process without compromising security.

More information is available at Responses are due by Aug. 22.

This article was first posted to FCW, a sibling site to GCN.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
