Today GSA announced that 18F's cloud.gov has obtained a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board (JAB). cloud.gov is the second CSP to successfully complete FedRAMP Accelerated in less than six months.
cloud.gov's authorization was 23 weeks from date cloud.gov kicked off with the JAB until the formally signed P-ATO. Of the 23 weeks, eight weeks were dedicated to the cloud.gov team's efforts to improve some technical and operational aspects, including additional monitoring and alerting, team training, automation, and formalized policies and procedures. By our calculations the JAB review time spent authorizing cloud.gov was only 15 weeks, which mirrors the same time it took for Microsoft CRMOL, the first vendor to obtain a JAB P-ATO through FedRAMP Accelerated.
cloud.gov gives federal teams a fast and easy way to host and update websites (and other web applications), so they can focus on their missions instead of wrangling the infrastructure and compliance requirements common to federal systems.
cloud.gov's P-ATO with the JAB will drastically reduce the time an agency spends in order to review cloud.gov's security and compliance to issue an authorization. This means an agency will be able to host and update websites and other web applications in the fraction of the time it would take with traditional solutions. Additionally, cloud.gov is the first completely open source service with FedRAMP Authorization, which agencies and stakeholders are invited to reuse and contribute to.
cloud.gov is also a building block for vendors and contractors that supply services to federal agencies. They can submit proposals to agencies for services to be built on top of cloud.gov, which benefit from these reduced technical and compliance burdens. For more information about this, ask your agency partners to evaluate this option or get in touch with the 18F team.
To learn more about FedRAMP, or to view the cloud.gov security authorization package, please visit www.FedRAMP.gov.