FedRAMP website set for makeover

FedRAMP is getting an online facelift in March, with new procurement guidelines and training modules on deck, according to the program's director.

Matt Goodrich said the General Services Administration's Federal Risk and Authorization Management Program, which seeks to standardize agencies' approach to cloud security, will unveil a new website and a dedicated URL -- FedRAMP.gov -- for federal cloud users and vendors next month. (FedRAMP.gov currently redirects to a section on the federal CIO Council's site. Previously, pages on GSA.gov served as the "FedRAMP homepage.")

The updates will reflect the program's "FedRAMP Forward" roadmap, announced in December, which addresses how to grow FedRAMP "thoughtfully, deliberately and effectively" in pursuit of three goals: increasing compliance and agency participation, improving efficiencies and facilitating adaptation.

At a Feb. 19 Association for Federal Information Resources Management (AFFIRM) panel on "New Voices in Federal IT," Goodrich said informal surveys of users, including federal employees, offered solid evidence that the current site was not "user friendly" and needed a refresh.

"We looked at the analytics, user interviews with stakeholders. People didn't understand how to get information," from the current site, he said. "We also needed a 10,000-foot high-level view of how FedRAMP does what it does," he added.

According to Goodrich, the new website will incorporate better-defined paths to information and will also be more visually appealing. He declined to provide an exact launch date, saying only it would be sometime in March.

In the coming weeks and months, Goodrich said FedRAMP will also roll out a series of specific guidance documents to industry and federal agencies outlining information on how to use the program, as well as templates that can be used across agencies for specific purposes. An initial guidance document concerns cloud procurement methods that will provide templates on how acquisition personnel can incorporate cloud into contracts. That guidance document, now in draft, he said, would be out "soon."

Goodrich hopes to follow that with others in the coming months, addressing ever more granular FedRAMP topics for federal users and vendors.