U.S. General Services Administration
GSA, OMB engage with stakeholders on modernizing FedRAMP
Federal employees looking for faster access to secure, cloud-based technologies to achieve their agency’s mission are not alone.
“Technology changes fast. We need a process for authorizing use of these new technologies that keeps up with the scale and speed of change that’s also aligned with our values for protecting national security, government assets, and personal privacy,” said GSA Administrator Robin Carnahan. “The recent Executive Order on Artificial Intelligence makes this work all the more urgent.”
Carnahan and GSA’s top technology officials hosted Office of Management and Budget leadership as part of a Public Engagement Forum on Nov. 15 to discuss suggestions specific to modernizing the Federal Risk and Authorization Management Program (FedRAMP), which promotes the adoption of secure, cloud-based services used by the government.
More than 400 participants attended to discuss the draft FedRAMP guidance now open for public comment through late December. The draft guidance outlines a vision for FedRAMP and sets out a plan to strengthen and enhance the program.
“This guidance is essential to the future of the FedRAMP program,” said Ann Lewis, director of Technology Transformation Services, sharing OMB’s urgency to modernize the program. Lewis also chairs the Federal Secure Cloud Advisory Committee (FSCAC).
GSA administers FedRAMP, along with several other programs that help federal agencies build, buy or modernize digital services.
The event built on previous public engagement activities, including through the Federal Secure Cloud Advisory Committee (FSCAC), which Administrator Carnahan addressed earlier this year.
“I’m convinced that the work we do together to improve FedRAMP is one of the most impactful and long-lasting things GSA and any of us can do to improve the lives of millions of people,” Carnahan said.
OMB established FedRAMP in December 2011 to standardize cloud security and improve the availability of cloud products and services for federal agencies. In December 2022, Congress passed the FedRAMP Authorization Act to codify these offices and responsibilities. OMB’s draft memo is the next step in working to modernize FedRAMP.
Key areas of the draft guidance address how the FedRAMP Program would:
- Significantly scale the size and scope of the FedRAMP Marketplace.
- Address the high-level scope and strategy of FedRAMP.
- Establish FedRAMP as a security and risk management program.
- Streamline and automate more of the authorization process.
What’s non-negotiable, according to Carnahan, are the foundational values that drive GSA’s work, such as protecting national security and protecting government assets, as well as protecting personal privacy and ensuring timely access to a better digital government that serves people in government and taxpayers nationwide.
Carnahan and others encouraged stakeholders to provide feedback on the draft FedRAMP policy open for public comment. Comments can be made here on the Federal Register until Dec. 22.