Cloud

The 'Fix FedRAMP' crowd agitates for change

Shutterstock image: Cloud concept.

At a Capitol Hill cloud computing event packed with vendors who had soured on the government's Federal Risk and Authorization Management Program, one congressman asked the question that was on everyone's mind.

"Why is it so effed up?" asked Rep. Ted Lieu (D-Calif.).

The turnout, at an event hosted by the Cloud Computing Caucus Advisory Group, was predominantly representatives of industry, many distressed by long wait times and prohibitive costs to get Authorities to Operate for cloud systems.

Meritalk’s Steve O’Keeffe, introducing a position paper on industry-suggested improvements, said that just two years ago it took roughly nine months and $250,000 for a cloud service provider to obtain an ATO. Today, he said, those figures are closer to 2 years and $5 million.

“Forget small business,” remarked one audience member.

The raucous tone was perhaps in part due to the absence anyone from the FedRAMP program office at the event.

O'Keeffe criticized the FedRAMP office for what he called a "mysterious refusal" to offer official input on the months-long formation of the "Fix FedRAMP" plan. He also claimed that the General Services Administration-based team had recently presented a "FedRAMP 2.0" plan to lawmakers that drew heavily from his group's recommendations.

The General Services Administration, on behalf of the FedRAMP office, declined to comment. 

At an event late last month, FedRAMP Director Matt Goodrich noted that the ATO process had gotten bogged down, and promised a forthcoming redesign that would speed the process back up to six months.And the more-recent event wasn’t entirely doom and gloom.

International Trade Administration CIO Joe Paiva, for example, noted he cut IT spending by 15 percent at his agency over two years.

“I could not have done that without FedRAMP,” Paiva said. “There is incredible value in FedRAMP.”

The fixes offered by the industry groups plan ran the gamut.

The plan called for clearer valuations of the three different types of ATO (from the Joint Authorization Board, individual agencies or CSP packages), so ATOs can be more effectively leveraged for reuse across agencies. Harmonizing standards was another crucial ask.

The plan also seeks greater transparency, including information on how Defense Department cloud security standards map to the forthcoming FedRAMP High standards.

Rep. Gerry Connolly (D-Va.) agreed that improvements were needed, but said he wasn’t sure Congress had a legislative role to play in crafting a FedRAMP fix. He called on agencies to open up and work together, and borrowed a line from GOP presidential frontrunner Donald Trump to declare,  "Let’s make IT great again!"

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group