The Federal Risk and Authorization Management Program has selected the next group of vendors for the FedRAMP Connect program that prioritizes cloud service providers to work with the Joint Authorization Board.
The Federal Risk and Authorization Management Program has selected the next group of vendors for the FedRAMP Connect program, which prioritizes cloud service providers to work with the Joint Authorization Board based on governmentwide demand, applicability for cross-agency use and system security.
FedRAMP received about 40 applications for the ATO prioritization and eventually selected five vendors and services:
- Fleet Management Solutions, a Teletrac Navman Company – Director fleet management software and GPS tracking solution.
- Infor - Infor Government SaaS
- Mantech - Continuous Diagnostic and Mitigation Shared Services
- Monster Government Solutions - Monster Hiring Management Enterprise
- Xerox Corporation - MPS for US Federal Government
In describing its criteria for participation, FedRAMP said that it first considers demand, calling it a "go / no-go criteria for prioritization," according to a program management office blog post. CSPs were required to verify current or potential demand from at least six federal or state and local customers. The PMO assigned each proven customer one point and each potential customer .25.
After demand, the CSP's FedRAMP Ready status became the determining factor for prioritization.
The next round of FedRAMP Connect will open in early summer 2018.
FedRAMP also announced plans for building the program by increasing the number of available services, improving the security authorizations and strengthening the community.
It plans to increase the number of authorized cloud services and reused authorizations and convert FedRAMP-Ready CSPs to the in-process or authorized stages.
To transform security authorization, FedRAMP will convert its templates to machine-readable formats to enable automation and interoperability. It also plans to increase the engagement between the FedRAMP ConMon process and the Continuous Diagnostics and Mitigation program "to ensure that as we scale, we can ensure we monitor Federal assets in the same way we monitor commercial solutions," FedRAMP Director Matt Goodrich said in an email.
FedRAMP plans to strengthen the community by updating requirements for third-party assessment organizations related to technical capabilities of assessors and by issuing playbooks to all stakeholders. It also plans to host a minimum of two industry days and two agency days.