Agency IT managers welcome FedRAMP changes
- By Mark Rockwell
- Mar 30, 2016
"I'm excited about FedRAMP Ready, NASA's Roopangi Kadakia said, referring to the just-announced changes to the Federal Risk and Authorization Management Program.
Kadakia's excitement -- about plans to move away from the slow, documentation-driven current approach and put cloud services through a readiness capabilities assessment at the front end of the process -- was shared by several other federal IT managers FCW asked about the new processes unveiled by the General Services Administration on March 28.
At that March 28 announcement, FedRAMP Director Matt Goodrich said cloud services providers should be able to complete that initial assessment in less than a month. Final approvals by FedRAMP's Joint Authorization Board are expected to come much faster as well, but Goodrich said this improved FedRAMP Ready designation would give CSPs and federal agencies alike a clear signal that a given cloud service is on the path for FedRAMP authorization.
Kadakia, the web services executive in NASA's CIO office, spoke at a March 30 FCW event on the barriers to cloud adoption that agencies must overcome. She said the new review process, and especially the preliminary security assessment, would be an important improvement for implementing software-as-a-service, cloud-based systems federal agencies are increasingly implementing.
"An SaaS company may come in and you have no idea of their security posture, which is a very important piece of their service," she said. Under the new review process, Kodakia said, her agency would have more immediate proof with the up-front assessment, rather than having to slog through thousands of pages of documentation that may or may not accurately describe the actual controls.
"From an agency perspective, I don't need to re-do a deep dive on their security plan," she said.
Other federal IT executives at the same event agreed. "GSA gets it," said Securities and Exchange Commission Branch Chief Michael Fairless. The proposed review process that is now out for public comment "ultimately allows us to get [cloud] to our customers faster."
"Better, faster is the key," said Robert Vietmeyer, the Defense Department's associate director for cloud computing and agile development in the Office of the CIO. The new process, he said, shows cloud service providers are maturing in their offerings and federal government agencies are getting better at cloud services.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.