Page 16 - FCW, May 15, 2016
P. 16

FINALLY,
A FASTER FedRAMP?
A REVAMPED PROCESS TARGETS THE CLOUD SECURITY PROGRAM’S BIGGEST FRICTION POINT: TIME
BY TROY K. SCHNEIDER
There have been many goals for the Federal Risk and Authorization Management Program since the concept was first floated
in 2010: encouraging cloud adoption; “do once, use many times” efficiency; and trading check-box compliance for ongoing risk man- agement, to name a few.
Quick turnarounds, however, were never on that list.
“We didn’t have speed as one of our original goals,” FedRAMP Director Matt Goodrich said at a recent event to announce changes in the program. “Sure, we don’t want to work on something forever, but we were more concerned with making sure the systems we were authorizing were secured.”
That lack of emphasis was apparent even as the number of autho- rized cloud service providers topped 65 this year. When FedRAMP officially launched in June 2012, officials estimated that approvals would take four to six months. To date, one CSP has completed the process in five months; most take nine to 18 months. Many agen- cies and CSPs have gone through countless rounds of documentation review, and two years is not unheard of.
The FedRAMP program management office, which is based at the General Services Administration, has worked for years to showcase CSPs that are under review or “FedRAMP Ready” but to limited effect. So on March 28, Goodrich and his team unveiled changes that promise to make the Joint Authorization Board process a far more predictable, three- to six-month affair.
“We will never trade rigor for speed,” Goodrich said, but “we do want to see how fast we can make this happen.”
16 May 15, 2016
FCW.COM


































































































   14   15   16   17   18