Fixing FedRAMP: Can more guidance or bold ideas help?
- By Mark Rockwell
- Jul 26, 2019
Reps. Gerry Connolly (D-Va.) and Mark Meadows (R-N.C.) introduced bipartisan legislation that would make the approval process for the Federal Risk and Authorization Management Program faster and more efficient.
Connolly said the bill, which he previewed earlier this month, would define the roles and responsibilities of federal agencies and third-party assessment organizations, make the Office of Management and Budget officially responsible for FedRAMP policy and put the General Services Administration in charge of day-to-day implementation.
The FedRAMP Authorization Act of 2019 would also address further reducing the long approval times for vendor applicants, particularly small businesses, and cut down on the duplication of security assessments among the authorizing agencies. In addition, it would establish metrics for time, costs and assessment quality, and require OMB to submit an annual report to Congress.
The same day the legislation was introduced (July 24), GSA's FedRAMP Program Management Office formally launched an ideation challenge that addresses many of the issues Connolly's bill seeks to fix. GSA had posted the challenge in June but then withdrew it. Officials are now calling on cybersecurity stakeholders -- including cloud service providers, agencies, third-party assessors and others -- to come up with new approaches to risk assessments and security authorizations.
Saying "no idea is too small," the PMO’s announcement states that it is looking for "bold, innovative and actionable ideas" that reduce the time and costs involved in the authorization process without compromising security.
More information is available at challenge.gov. Responses are due by Aug. 22.
This article was first posted to FCW, a sibling site to GCN.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.