Page 5 - FCW, April 30, 2016
P. 5

Trending
A fast lane for FedRAMP
321ransomware attempts were documented at
29 federal agencies in the last half of 2015
turn, give agencies access to a broader range of CSPs more quickly.
The new process is currently being tested with three CSPs: Unisys, Micro- soft and GSA’s 18F. The trials began in March and will continue until June or so. Assuming no major problems, the
The General Services Administration is retooling the Federal Risk and Authori- zation Management Program in hopes of dramatically shortening the time it takes to get a cloud service reviewed and approved for agency use.
FedRAMP Director Matt Goodrich detailed the changes — which came after a six-month review of the cur- rent processes that involved discus- sions with more than 80 stakeholder groups — at a March 28 kickoff event.
The most notable change is a shift to surveying cloud service providers’ capabilities upfront rather than the expensive and time-consuming pro- cess of requiring and then reviewing extensive documentation. Goodrich unveiled a proposed FedRAMP Readi- ness Capabilities Assessment that he said CSPs could complete in less than a month — and the FedRAMP program management office could review within a week.
The FedRAMP process has some- times frustrated cloud service provid- ers and agencies alike, largely because of the time and expense involved in securing a provisional authority to operate. The fastest FedRAMP approv- al to date took five months, Goodrich said, but most reviews are taking nine to 18 months.
Although resource constraints are part of the problem, the main issue seems to be the documentation-driv- en process. The new approach, called FedRAMP Accelerated, will require CSPs to have a third-party assess- ment organization conduct the ini- tial capabilities assess-
ment before diving into
detailed documenta-
tion. If the 3PAO gives
the CSP passing marks
and the FedRAMP team
agrees, the CSP will be
declared “FedRAMP
ready” — a designation
Goodrich said will give
agencies confidence
that the service will be
approved for use in rela-
tively short order.
new method would then be available for other providers.
Goodrich stressed that the new approach is only for Joint Autho- rization Board reviews, and agencies still have the option of sponsor- ing their own FedRAMP authorizations, though he hoped they would see the benefits of FedRAMP Accelerated and choose to use it.
The third path to FedRAMP approv- al, however — the so-called CSP Sup- plied process in which a provider tests and documents without a government sponsor — is going away. CSPs with such efforts already underway can submit completed packages until April 29. After that, companies will have to shift to the Joint Authorization Board/ FedRAMP Accelerated approach.
— Mark Rockwell
The CSP will then be
required to complete a full FedRAMP Security Assessment before moving on to the Joint Authorization Board for approval. That, too, is a change from the current approach but one Goodrich said was crucial to ensur- ing faster approvals.
GSA officials said the approach should reduce the overall approval time to six months and possibly as little as three months — which would, in
FedRAMP Director
Matt Goodrich unveiled programs that will speed review and approval times, among other improvements.
FCW CALENDAR
5/11 Cybersecurity
The Navy’s Troy Johnson, FEC’s Esteve Mede and GSA’s Jim
Piché are among the speakers at
this FCW event on implementing
the Continuous Diagnostics and Mitigation Program. Washington, D.C. fcw.com/cdm2016
5/15-18 GIS
5/22-24 Risk management
ACT-IAC’s Management of Change conference will focus on “IT at a Crossroads: Managing Risk Through Transformation,” with discussions of analytics, solution sprints
and disruptions in government. Cambridge, Md. is.gd/FCW_MOC16
Director of National Intelligence James Clapper,
NGA Director Robert Cardillo and Undersecretary of Defense for Intelligence Marcel Lettre will keynote at the GEOINT 2016 Symposium. Orlando, Fla. geoint2016.com
April 30, 2016 FCW.COM 3
ZAID HAMID


































































































   3   4   5   6   7