Agency IT managers welcome FedRAMP changes

Cloud computing icon

"I'm excited about FedRAMP Ready, NASA's Roopangi Kadakia said, referring to the just-announced changes to the Federal Risk and Authorization Management Program.

Kadakia's excitement -- about plans to move away from the slow, documentation-driven current approach and put cloud services through a readiness capabilities assessment at the front end of the process -- was shared by several other federal IT managers FCW asked about the new processes unveiled by the General Services Administration on March 28.

At that March 28 announcement, FedRAMP Director Matt Goodrich said cloud services providers should be able to complete that initial assessment in less than a month. Final approvals by FedRAMP's Joint Authorization Board are expected to come much faster as well, but Goodrich said this improved FedRAMP Ready designation would give CSPs and federal agencies alike a clear signal that a given cloud service is on the path for FedRAMP authorization.

Kadakia, the web services executive in NASA's CIO office, spoke at a March 30 FCW event on the barriers to cloud adoption that agencies must overcome. She said the new review process, and especially the preliminary security assessment, would be an important improvement for implementing software-as-a-service, cloud-based systems federal agencies are increasingly implementing.

"An SaaS company may come in and you have no idea of their security posture, which is a very important piece of their service," she said. Under the new review process, Kodakia said, her agency would have more immediate proof with the up-front assessment, rather than having to slog through thousands of pages of documentation that may or may not accurately describe the actual controls.

"From an agency perspective, I don't need to re-do a deep dive on their security plan," she said.

Other federal IT executives at the same event agreed. "GSA gets it," said Securities and Exchange Commission Branch Chief Michael Fairless. The proposed review process that is now out for public comment "ultimately allows us to get [cloud] to our customers faster."

"Better, faster is the key," said Robert Vietmeyer, the Defense Department's associate director for cloud computing and agile development in the Office of the CIO. The new process, he said, shows cloud service providers are maturing in their offerings and federal government agencies are getting better at cloud services.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected