The Federal Risk and Authorization Management Program (FedRAMP), the government-wide plan to secure cloud products and services, is almost a decade old. It is still evolving, however. Early in 2021, the House of Representative passed a bill that would have codified a number of its provisions into law, standardizing its processes for agencies to on-ramp cloud computing technologies. To date, the Senate has not acted on the bill. At the same time, alongside FedRAMP, the Defense Department is pushing out its own security standards for suppliers, which is, in turn, seeing expanding use in civilian IT contracts.
FedRAMP remains an important part of the federal government’s “Cloud Smart” policy for agencies, as hundreds of cloud projects have been authorized by the program. As it moves into its second decade, federal policy makers and technologists look to keep FedRAMP up with ever-advancing IT and security concerns.
This summit will examine the new policy developments, challenges agencies still face in reusing authorizations, and efforts to pass legislation to put FedRAMP requirements into law. It will also look at constantly evolving security landscape, the variety of cloud deployment models and the challenges agencies face to secure the data in them.
Attendees will come away with a better understanding of:
- How the Defense Department’s Cybersecurity Maturity Model Certification program will work with FedRAMP
- What the transition for FedRAMP to National Institute for Standards and Technology’s SP 800-53 Rev5 -- which catalogs security and privacy controls--means for federal agencies and suppliers.
- How state and local governments are assessing using FedRAMP
- The current status of moves to automate the authorization process through the General Services Administration using standardized machine-readable language (Open Security Controls Assessment Language --OSCAL) and a Web Services API.
- Lessons COVID 19 and the SolarWinds hack have taught as agencies accelerated their move to cloud and amplified the need for increased security
- How agencies are using FedRAMP to speed digital transformation