
FedRAMP trimming approval time, officials say


The time needed for cloud services to receive authorization under the Federal Risk and Authorization Management Program has been significantly shortened thanks to the FedRAMP Accelerated process.

At the Amazon Web Services Summit on June 14, FedRAMP Program Manager for Cybersecurity Claudio Belloli said the approval process, which originally required up to 24 months, has now been reduced to about four months while maintaining the same rigor.

The four-month authorization process is shorter than even the estimated six months reported in May by the cybersecurity management and compliance firm Coalfire, though it does not quite reach the three-month goal that was floated when FedRAMP Accelerated was unveiled last year.

For cloud service providers to gain authorities to operate, there are two avenues: they can either deal directly with agencies or apply to the Joint Authorization Board, a team composed of the CIOs from the General Services Administration and the Departments of Defense and Homeland Security.

Because the JAB can only handle about 12-14 cases a year prioritized "based on demand," FedRAMP evangelist Ashley Mahan said that "it makes so much more sense" for most cloud service providers to work directly with a sponsoring agency, then undergo an expedited two-week final review from the FedRAMP program management office.

According to the May report, the cost of securing a FedRAMP authorization recently has averaged between $350,000 and $865,000. However, Mahan said the program office is currently "working on new material about what those updated costs are." She noted that the price tag will ultimately depend on "a number of factors," including the provider's knowledge of FedRAMP requirements and documentation procedures.

Although FedRAMP certification has been required for virtually all cloud services used in the federal government since June 2014, Mahan acknowledged that some agencies still ask to work outside the FedRAMP framework. The Coalfire report estimated that 60 percent of agencies do not yet participate in the program.

"It absolutely is very frustrating for me," Mahan said.

About the Author

Chase Gunter is a former FCW staff writer.
