Can 18F's pass FedRAMP review?

Shutterstock image (by Lightspring): businessman hanging from a cloud concept image. 

When the Federal Risk and Authorization Management Program unveiled its new "FedRAMP Accelerated" process in March, 18F's project was one of three test drivers for the new approach.

More than three months later, is still not through all the hoops.  But the General Services Administration-run cloud service provider was declared FedRAMP Ready in June, and on July 18 four members of 18F posted a lengthy update on the progress to date. Final approval from the FedRAMP Joint Authorization Board, they wrote, is expected in November. is a platform-as-a-service offering that aims to handle "shared technical and policy requirements common to all federal government systems," according to the 18F post. It runs on commercial infrastructure, and one of the team's next steps is migrating to Amazon Web Services' GovCloud. Also on the list is expanding the security incident response plan.

And while one of the goals of the new FedRAMP processes was to reduce the emphasis on up-front paperwork, is deep into documentation efforts now that it's before the Joint Authorization Board.

18F built its own "Compliance Masonry tool," and is using that for  "so that we can collaborate on required documentation in a structured way rather than wrangling a multi-hundred-page Word document."  The goal, the blog authors wrote, is to make the materials "easily reusable as part of compliance documentation" for agencies that choose to run services on

A November FedRAMP authorization for would put mean a roughly eight-month process -- far better than the nine to 18 months most CSPs have averaged, but not quite the three-to-six-month turnaround that FedRAMP Director Matt Goodrich has said is the goal. 

The pilot projects for FedRAMP Accelerated -- in addition to the team, Microsoft and Unisys have also been helping to test the new process -- were expected to take a bit longer, of course.  But there might soon be legislative pressure to accelerate further:  The MOVE IT Act, introduced on June 14 in both the House and Senate, calls for "maximum time limits for the completion of authorizations ... not to exceed six months."

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of, Schneider also helped launch the political site in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times,, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.