Government Technology Insider
  • About
  • State & Local
  • Civilian
  • Defense & IC
SUBSCRIBE
No Result
View All Result
  • Acquisition
  • AI & Data
  • Cybersecurity
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
Government Technology Insider
  • Acquisition
  • AI & Data
  • Cybersecurity
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
No Result
View All Result
Government Technology Insider
No Result
View All Result
Home Digital Transformation

FedRAMP Roadmap Lays Out Ambitious Goals

by GTI Editors
February 11, 2015
in Digital Transformation
Reading Time: 3 mins read
A A
Share on FacebookShare on Twitter

The Federal Risk Authorization Management Program – better known as FedRAMP – is three years old, as of December 2014, and the program’s director, Matt Goodrich, told attendees of the Advanced Technology Academic Research Center’s Cloud Computing Summit there is now a roadmap laying out the program’s goals over the next two years.

“There are three main tenets to the roadmap,” Goodrich said. “Objective 1 is to increase stakeholder engagement, increase the number of agencies implementing FedRAMP.” There is no single authoritative source of information on which agencies are using the cloud, he said, so in the next six months “we’re going to create something that we consider a good baseline.”

During that six months, the PMO also will be creating a practical implementation guide that can be used to initiate assessments and authorizations for cloud services, he said.

Objective 2 is to increase cross-agency collaboration.

“We want to create a framework where two agencies using the same cloud [can work together],” Goodrich said, “whether it’s how to implement the new PIV environment, or going through an authorization, or implementing continuous monitoring.”

To get that off to a good start, also in the next six months the PMO will publish a draft multi-agency authorization methodology that follows the FedRAMP Security Assessment Framework, he said.

Objective 3 is increasing agencies’ understanding of what FedRAMP is, he said. The program website will be relaunched, probably in March, and will include training segments, “so agencies and cloud providers can really understand what FedRAMP is.”

The roadmap includes a host of specific tasks to be accomplished over six, 12, 18, and 24 months. For example, the program office will be issuing guidelines that address inconsistencies for security assessment activities, methodologies, and artifacts for Third Party Assessment Organizations (3PAOs) within the next six months. The requirements will be applied to the 3PAOs in 12 months, he said.

The program office will be looking at how to reuse industry standards, such as those for FISMA, HIPAA, or Security Operations Centers.

“If someone just went to a data center for assessment for a SOC, do we really have to do it again for FISMA?” Goodrich said. “There are a lot of details that have to be figured out … but if somebody is doing something for compliance in security, we want to be able to reuse that.”

The program office will be establishing additional baselines, Goodrich said. A draft “high baseline” that maps security areas – such as access control, risk assessment, system and information integrity, and identification and authentication, to name a few – against the security controls in NIST’s 800-53 Rev. 4 catalog has been released for comments, due by March 13.

FedRAMP also is looking to establish a framework for data and workflow automation, he said.

“How can we automate the creation of documentation, change it in one area and have the change [ripple through] the documentation?” he said. “We’re creating a draft of those automation requirements … There are tools out there that do [this]. If you have one of these tools, this is what we expect out of it.”

Goodrich said the PMO would be scheduling an industry day on the topic of automation tools.

Tags: cloud computingcloud computing summitcross agency collaborationFedRAMP. Federal Risk Authorization Management ProgramFISMA

RELATED POSTS

Automation
AI & Data

Automation: The Biggest Government IT Trend in 2022

April 13, 2022
Kristi
Cloud

Kristi Alford-Haarberg on Keeping Pace with the Demand for Digital Services

February 10, 2022
Kristi Alford-Haarberg
Defense & IC

Kristi Alford-Haarberg Discusses Building the Company That’s Building the Cloud

February 9, 2022
Please login to join discussion

TRENDING NOW

  • Advana

    Meet Advana: How the Department of Defense Solved its Data Interoperability Challenges

    5370 shares
    Share 2148 Tweet 1343
  • For the Army to Reach Modernization Goals, a Tactical Data Fabric is Crucial

    41 shares
    Share 16 Tweet 10
  • Design Secure Application Software That Transforms Government Agencies

    12 shares
    Share 5 Tweet 3
  • 2022 Government Investigations Technology Guide Discusses Nine Factors Investigators Should Consider in Technology Solutions

    12 shares
    Share 5 Tweet 3
  • Arizona Department of Economic Security Combats Unemployment Benefits Fraud

    61 shares
    Share 24 Tweet 15

CONNECT WITH US

MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner

BECOME AN INSIDER

Get Government Technology Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Future Healthcare Today
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Strategic Communications Group offers analytics, content marketing, and lead identification services. Interested?
Contact us!

© 2021 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About Government Technology Insider
  • State & Local
  • Civilian
  • Defense & IC
  • Categories
    • Acquisition
    • AI & Data
    • Digital Transformation
    • Cybersecurity
    • Hybrid Work
  • Contact Us