FedRAMP's program manager is quick to share credit for the program's success.
Matthew Goodrich, FedRAMP's program manager, is quick to share credit for the program's success.
"I think people have this idea that FedRAMP is this huge team, or this huge government program or huge process," said Matthew Goodrich, program manager for the Federal Risk and Authorization Management Program at the General Services Administration. "It's actually a process that's pretty simple and that follows FISMA."
One reason, of course, might be the productivity of Goodrich himself. There are active participants at the Office of Management and Budget, National Institute of Standards and Technology, and other agencies, but the core team at GSA consists of Goodrich; Director Maria Roat, the former deputy CIO at the Federal Emergency Management Agency who joined FedRAMP in February; and 11 contractors.
"Matt is Mr. FedRAMP," said David McClure, associate administrator of GSA's Office of Citizen Services and Innovative Technologies.
Goodrich, however, is quick to share the credit. "We have an incredibly dedicated team" at GSA, he said. Scott Renda, portfolio manager for cloud computing at OMB, and the rest of the e-government team have been vital partners, he added, and NIST "has been absolutely instrumental in everything we do."
FedRAMP grew organically out of the Federal Cloud Computing Initiative's mandate to "remove the barriers to the adoption of cloud across government," Goodrich said.
"One of the biggest issues to come up in that initiative was security...and security is all about trust," he said. "How do we get agencies to trust these authorizations? And FedRAMP sort of grew out of that concept: If more than one agency does it together, then people will trust it more."
FedRAMP has been slow to show visible progress, but the number of approved cloud providers — and third-party assessment organizations that can evaluate them — has ticked steadily upward in recent months.
The authorization process takes time, Goodrich said. "But now you're seeing that we're beginning to hit traction with the rest of the providers, and I think you'll see a real steady rollout of new providers this summer and into the new year."